| taxon |
c# |
c/c++ |
cuda |
go |
java |
javascript |
kotlin |
objective-c |
php |
python |
ruby |
scala |
swift |
typescript |
vb.net |
| 1 DEPRECATED: Location |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 7PK - Environment |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XSS none
- XSS stored_xss
|
- INCOMPATIBLE_CAST endianness
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- INCOMPATIBLE_CAST endianness
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- XSS none
|
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SENSITIVE_DATA_LEAK cleartext_transmission
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- INCOMPATIBLE_CAST endianness
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- XSS none
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- XSS none
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SENSITIVE_DATA_LEAK cleartext_transmission
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_transmission
- XSS none
- XSS stored_xss
|
| 3 DEPRECATED: Technology-specific Environment Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4 DEPRECATED: J2EE Environment Issues |
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
|
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 5 J2EE Misconfiguration: Data Transmission Without Encryption |
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
|
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 6 J2EE Misconfiguration: Insufficient Session-ID Length |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 J2EE Misconfiguration: Missing Custom Error Page |
|
|
|
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
|
|
|
|
|
|
|
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
|
|
| 8 J2EE Misconfiguration: Entity Bean Declared Remote |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 10 DEPRECATED: ASP.NET Environment Issues |
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
|
| 11 ASP.NET Misconfiguration: Creating Debug Binary |
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 ASP.NET Misconfiguration: Missing Custom Error Page |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
|
| 13 ASP.NET Misconfiguration: Password in Configuration File |
- CONFIG.CONNECTION_STRING_PASSWORD none
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 14 Compiler Removal of Code to Clear Buffers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 External Control of System or Configuration Setting |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 16 Configuration |
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
|
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 17 DEPRECATED: Code |
- ASPNET_MVC_VERSION_HEADER none
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FLOATING_POINT_EQUALITY none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- PROPERTY_MIXUP none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CUSTOM_KEYBOARD_DATA_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 18 DEPRECATED: Source Code |
- ASPNET_MVC_VERSION_HEADER none
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FLOATING_POINT_EQUALITY none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- PROPERTY_MIXUP none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CUSTOM_KEYBOARD_DATA_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 19 Data Processing Errors |
- ASPNET_MVC_VERSION_HEADER none
- BAD_EQ referential
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE string_lit_comparison
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FLOATING_POINT_EQUALITY none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE string_lit_comparison
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HEADER_INJECTION none
- INSUFFICIENT_LOGGING logging_obligation
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HEADER_INJECTION none
- INSECURE_COMMUNICATION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE string_lit_comparison
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- HARDCODED_CREDENTIALS secret_in_source_med
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 20 Improper Input Validation |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 21 DEPRECATED: Pathname Traversal and Equivalence Errors |
|
|
|
|
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- JSP_DYNAMIC_INCLUDE none
- PATH_MANIPULATION none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
| 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
|
|
|
|
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- JSP_DYNAMIC_INCLUDE none
- PATH_MANIPULATION none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
| 23 Relative Path Traversal |
|
|
|
|
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- PATH_MANIPULATION none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
| 24 Path Traversal: '../filedir' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 25 Path Traversal: '/../filedir' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 26 Path Traversal: '/dir/../filename' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 27 Path Traversal: 'dir/../../filename' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 28 Path Traversal: '..\filedir' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 29 Path Traversal: '\..\filename' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 30 Path Traversal: '\dir\..\filename' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 31 Path Traversal: 'dir\..\..\filename' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 32 Path Traversal: '...' (Triple Dot) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 33 Path Traversal: '....' (Multiple Dot) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 34 Path Traversal: '....//' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35 Path Traversal: '.../...//' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 36 Absolute Path Traversal |
|
|
|
|
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- PATH_MANIPULATION none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
| 37 Path Traversal: '/absolute/pathname/here' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 38 Path Traversal: '\absolute\pathname\here' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 39 Path Traversal: 'C:dirname' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 41 Improper Resolution of Path Equivalence |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 42 Path Equivalence: 'filename.' (Trailing Dot) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43 Path Equivalence: 'filename....' (Multiple Trailing Dot) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44 Path Equivalence: 'file.name' (Internal Dot) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 45 Path Equivalence: 'file...name' (Multiple Internal Dot) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 46 Path Equivalence: 'filename ' (Trailing Space) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47 Path Equivalence: ' filename' (Leading Space) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 48 Path Equivalence: 'file name' (Internal Whitespace) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49 Path Equivalence: 'filename/' (Trailing Slash) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 50 Path Equivalence: '//multiple/leading/slash' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 51 Path Equivalence: '/multiple//internal/slash' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 52 Path Equivalence: '/multiple/trailing/slash//' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 53 Path Equivalence: '\multiple\\internal\backslash' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 54 Path Equivalence: 'filedir\' (Trailing Backslash) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 55 Path Equivalence: '/./' (Single Dot Directory) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 56 Path Equivalence: 'filedir*' (Wildcard) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 57 Path Equivalence: 'fakedir/../realdir/filename' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 58 Path Equivalence: Windows 8.3 Filename |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 59 Improper Link Resolution Before File Access ('Link Following') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 60 DEPRECATED: UNIX Path Link Problems |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 61 UNIX Symbolic Link (Symlink) Following |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 62 UNIX Hard Link |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 63 DEPRECATED: Windows Path Link Problems |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 64 Windows Shortcut Following (.LNK) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 65 Windows Hard Link |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 66 Improper Handling of File Names that Identify Virtual Resources |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 67 Improper Handling of Windows Device Names |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 68 DEPRECATED: Windows Virtual File Problems |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 69 Improper Handling of Windows ::DATA Alternate Data Stream |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 70 DEPRECATED: Mac Virtual File Problems |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 71 DEPRECATED: Apple '.DS_Store' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 72 Improper Handling of Apple HFS+ Alternate Data Stream Path |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 73 External Control of File Name or Path |
- UNRESTRICTED_DISPATCH none
|
|
|
|
- UNRESTRICTED_DISPATCH none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
|
- UNRESTRICTED_DISPATCH none
|
| 74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 76 Improper Neutralization of Equivalent Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 77 Improper Neutralization of Special Elements used in a Command ('Command Injection') |
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- EL_INJECTION none
- HEADER_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
|
|
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
| 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
|
|
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
|
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
|
|
|
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
| 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 81 Improper Neutralization of Script in an Error Message Web Page |
|
|
|
|
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
|
|
|
|
|
|
|
|
|
|
|
| 82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 83 Improper Neutralization of Script in Attributes in a Web Page |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 84 Improper Neutralization of Encoded URI Schemes in a Web Page |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 85 Doubled Character XSS Manipulations |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 87 Improper Neutralization of Alternate XSS Syntax |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
|
|
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
| 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
|
|
|
|
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
|
|
|
|
|
|
|
|
|
|
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
|
| 91 XML Injection (aka Blind XPath Injection) |
- XML_INJECTION none
- XPATH_INJECTION none
|
|
|
|
- XML_INJECTION none
- XPATH_INJECTION none
|
|
|
|
|
|
|
|
|
|
- XML_INJECTION none
- XPATH_INJECTION none
|
| 92 DEPRECATED: Improper Sanitization of Custom Special Characters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 93 Improper Neutralization of CRLF Sequences ('CRLF Injection') |
|
|
|
|
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- MISSING_HEADER_VALIDATION missing_header_validation
|
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
|
|
|
|
|
| 94 Improper Control of Generation of Code ('Code Injection') |
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNKNOWN_LANGUAGE_INJECTION none
- XPATH_INJECTION none
|
|
|
- NOSQL_QUERY_INJECTION none
- TEMPLATE_INJECTION none
|
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNKNOWN_LANGUAGE_INJECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- TEMPLATE_INJECTION none
|
|
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
|
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- TEMPLATE_INJECTION none
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XPATH_INJECTION none
|
| 95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
- SCRIPT_CODE_INJECTION none
|
|
|
|
- SCRIPT_CODE_INJECTION none
|
- SCRIPT_CODE_INJECTION none
|
|
|
- SCRIPT_CODE_INJECTION none
|
- SCRIPT_CODE_INJECTION none
|
- PATH_MANIPULATION dynamic_render_path_rce_hi
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
|
|
- SCRIPT_CODE_INJECTION none
|
- SCRIPT_CODE_INJECTION none
|
- SCRIPT_CODE_INJECTION none
|
| 96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 99 Improper Control of Resource Identifiers ('Resource Injection') |
|
|
|
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- LOCALSTORAGE_MANIPULATION none
- SESSIONSTORAGE_MANIPULATION none
- URL_MANIPULATION none
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
|
|
|
|
|
|
- LOCALSTORAGE_MANIPULATION none
- SESSIONSTORAGE_MANIPULATION none
- URL_MANIPULATION none
|
|
| 100 DEPRECATED: Technology-Specific Input Validation Problems |
|
|
|
|
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
|
|
|
|
|
|
|
|
|
|
|
| 101 DEPRECATED: Struts Validation Problems |
|
|
|
|
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
|
|
|
|
|
|
|
|
|
|
|
| 102 Struts: Duplicate Validation Forms |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 103 Struts: Incomplete validate() Method Definition |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 104 Struts: Form Bean Does Not Extend Validation Class |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 105 Struts: Form Field Without Validator |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 106 Struts: Plug-in Framework not in Use |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 107 Struts: Unused Validation Form |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 108 Struts: Unvalidated Action Form |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 109 Struts: Validator Turned Off |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 110 Struts: Validator Without Form Field |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 111 Direct Use of Unsafe JNI |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 112 Missing XML Validation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
|
|
|
|
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- MISSING_HEADER_VALIDATION missing_header_validation
|
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
|
|
|
|
|
| 114 Process Control |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 115 Misinterpretation of Input |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 116 Improper Encoding or Escaping of Output |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 117 Improper Output Neutralization for Logs |
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 118 Incorrect Access of Indexable Resource ('Range Error') |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
|
|
| 119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
|
|
| 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
|
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
|
|
|
|
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
|
|
|
|
|
|
|
| 121 Stack-based Buffer Overflow |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
|
|
|
| 122 Heap-based Buffer Overflow |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
|
|
|
| 123 Write-what-where Condition |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
|
|
|
| 124 Buffer Underwrite ('Buffer Underflow') |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
|
|
|
| 125 Out-of-bounds Read |
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
|
|
|
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
|
|
|
|
|
|
|
| 126 Buffer Over-read |
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
|
|
|
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
|
|
|
|
|
|
|
| 127 Buffer Under-read |
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
|
|
|
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN read
|
|
|
|
|
|
|
|
| 128 Wrap-around Error |
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
|
|
|
|
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
|
|
|
|
|
|
|
|
| 129 Improper Validation of Array Index |
|
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
|
|
|
| 130 Improper Handling of Length Parameter Inconsistency |
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
|
|
|
| 131 Incorrect Calculation of Buffer Size |
|
- BAD_ALLOC_STRLEN none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
|
- BAD_ALLOC_STRLEN none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
|
|
|
|
|
- BAD_ALLOC_STRLEN none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
|
|
|
|
|
|
|
|
| 132 DEPRECATED (Duplicate): Miscalculated Null Termination |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 133 String Errors |
|
- BAD_COMPARE string_lit_comparison
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- PW.NON_CONST_PRINTF_FORMAT_STRING none
|
- BAD_COMPARE string_lit_comparison
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- PW.NON_CONST_PRINTF_FORMAT_STRING none
|
|
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
|
|
|
- BAD_COMPARE string_lit_comparison
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
|
|
|
|
|
|
|
|
| 134 Use of Externally-Controlled Format String |
|
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- PW.NON_CONST_PRINTF_FORMAT_STRING none
|
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- PW.NON_CONST_PRINTF_FORMAT_STRING none
|
|
|
|
|
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
|
|
|
|
|
|
|
|
| 135 Incorrect Calculation of Multi-Byte String Length |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 136 Type Errors |
|
- CHAR_IO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- SIGN_EXTENSION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- CHAR_IO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- SIGN_EXTENSION none
|
|
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
|
|
|
- CHAR_IO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- SIGN_EXTENSION none
|
|
|
- SQLI sql_injection_dynamic_finder_med
|
|
|
|
|
| 137 Data Neutralization Issues |
- BAD_EQ referential
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EL_INJECTION none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 138 Improper Neutralization of Special Elements |
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- OS_CMD_INJECTION none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- OS_CMD_INJECTION none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
|
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- JSP_SQL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- OS_CMD_INJECTION none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 139 DEPRECATED: General Special Element Problems |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 140 Improper Neutralization of Delimiters |
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- JSP_SQL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 141 Improper Neutralization of Parameter/Argument Delimiters |
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- JSP_SQL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 142 Improper Neutralization of Value Delimiters |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 143 Improper Neutralization of Record Delimiters |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 144 Improper Neutralization of Line Delimiters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 145 Improper Neutralization of Section Delimiters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 146 Improper Neutralization of Expression/Command Delimiters |
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- JSP_SQL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 147 Improper Neutralization of Input Terminators |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 148 Improper Neutralization of Input Leaders |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 149 Improper Neutralization of Quoting Syntax |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 150 Improper Neutralization of Escape, Meta, or Control Sequences |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 151 Improper Neutralization of Comment Delimiters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 152 Improper Neutralization of Macro Symbols |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 153 Improper Neutralization of Substitution Characters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 154 Improper Neutralization of Variable Name Delimiters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 155 Improper Neutralization of Wildcards or Matching Symbols |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 156 Improper Neutralization of Whitespace |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 157 Failure to Sanitize Paired Delimiters |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SQLI none
- SQLI nosink
- SQLI sink
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 158 Improper Neutralization of Null Byte or NUL Character |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 159 Improper Handling of Invalid Use of Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 160 Improper Neutralization of Leading Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 161 Improper Neutralization of Multiple Leading Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 162 Improper Neutralization of Trailing Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 163 Improper Neutralization of Multiple Trailing Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 164 Improper Neutralization of Internal Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 165 Improper Neutralization of Multiple Internal Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 166 Improper Handling of Missing Special Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 167 Improper Handling of Additional Special Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 168 Improper Handling of Inconsistent Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 169 DEPRECATED: Technology-Specific Special Elements |
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
|
|
|
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
|
|
|
|
|
|
|
| 170 Improper Null Termination |
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
|
|
|
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
|
|
|
|
|
|
|
| 171 DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
- BAD_EQ referential
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EL_INJECTION none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 172 Encoding Error |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 173 Improper Handling of Alternate Encoding |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 174 Double Decoding of the Same Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 175 Improper Handling of Mixed Encoding |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 176 Improper Handling of Unicode Encoding |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 177 Improper Handling of URL Encoding (Hex Encoding) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 178 Improper Handling of Case Sensitivity |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 179 Incorrect Behavior Order: Early Validation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 180 Incorrect Behavior Order: Validate Before Canonicalize |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 181 Incorrect Behavior Order: Validate Before Filter |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 182 Collapse of Data into Unsafe Value |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 183 Permissive List of Allowed Inputs |
|
|
|
|
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
|
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
|
|
|
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 184 Incomplete List of Disallowed Inputs |
|
|
|
|
|
|
|
|
|
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
|
|
|
|
|
| 185 Incorrect Regular Expression |
|
|
|
|
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- REGEX_CONFUSION none
|
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
|
|
|
|
|
- REGEX_MISSING_ANCHOR validation_regex_hi
|
|
|
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
|
|
| 186 Overly Restrictive Regular Expression |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 187 Partial String Comparison |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 188 Reliance on Data/Memory Layout |
|
- INCOMPATIBLE_CAST endianness
|
- INCOMPATIBLE_CAST endianness
|
|
|
|
|
- INCOMPATIBLE_CAST endianness
|
|
|
|
|
|
|
|
| 189 Numeric Errors |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- COM.BSTR.CONV none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FLOATING_POINT_EQUALITY none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR divisor
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR divisor
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR divisor
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
|
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 190 Integer Overflow or Wraparound |
- OVERFLOW_BEFORE_WIDEN none
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
|
|
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
|
|
|
|
- OVERFLOW_BEFORE_WIDEN none
|
|
|
|
| 191 Integer Underflow (Wrap or Wraparound) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 192 Integer Coercion Error |
|
|
|
|
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
|
|
|
|
|
|
|
|
|
|
|
| 193 Off-by-one Error |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 194 Unexpected Sign Extension |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 195 Signed to Unsigned Conversion Error |
|
- MISRA_CAST integer_signedness_changing_cast
|
- MISRA_CAST integer_signedness_changing_cast
|
|
|
|
|
- MISRA_CAST integer_signedness_changing_cast
|
|
|
|
|
|
|
|
| 196 Unsigned to Signed Conversion Error |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 197 Numeric Truncation Error |
|
- CHAR_IO none
- MISRA_CAST integer_narrowing_conversion
- NO_EFFECT bad_memset_truncated_fill
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- CHAR_IO none
- MISRA_CAST integer_narrowing_conversion
- NO_EFFECT bad_memset_truncated_fill
|
|
|
|
|
- CHAR_IO none
- MISRA_CAST integer_narrowing_conversion
- NO_EFFECT bad_memset_truncated_fill
|
|
|
|
|
|
|
|
| 198 Use of Incorrect Byte Ordering |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 199 Information Management Errors |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSUFFICIENT_LOGGING logging_obligation
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.MS_CANNOT_BE_FINAL none
- FB.REC_CATCH_EXCEPTION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 200 Exposure of Sensitive Information to an Unauthorized Actor |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION unencrypted_connection
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 201 Insertion of Sensitive Information Into Sent Data |
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 202 Exposure of Sensitive Information Through Data Queries |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 203 Observable Differences in Behavior to Error Inputs |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 204 Observable Response Discrepancy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 205 Observable Behavioral Discrepancy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 206 Observable Internal Behavioral Discrepancy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 207 Observable Behavioral Discrepancy With Equivalent Products |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 208 Observable Timing Discrepancy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 209 Generation of Error Message Containing Sensitive Information |
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 210 Self-generated Error Message Containing Sensitive Information |
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 211 Externally-Generated Error Message Containing Sensitive Information |
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 212 Improper Removal of Sensitive Information Before Storage or Transfer |
|
|
|
|
|
|
|
|
|
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
|
|
|
| 213 Exposure of Sensitive Information Due to Incompatible Policies |
|
|
|
|
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
|
|
|
|
|
|
|
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
|
|
| 214 Invocation of Process Using Visible Sensitive Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 215 Insertion of Sensitive Information Into Debugging Code |
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
|
|
|
|
- ANDROID_DEBUG_MODE none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
|
|
|
|
|
- SENSITIVE_DATA_LEAK local_request_config_hi
|
|
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
|
|
| 216 DEPRECATED: Containment Errors (Container Errors) |
|
|
|
|
- FB.MS_CANNOT_BE_FINAL none
|
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
|
|
|
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 217 DEPRECATED: Failure to Protect Stored Data from Modification |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 218 DEPRECATED (Duplicate): Failure to provide confidentiality for stored data |
|
|
|
|
- FB.EI_EXPOSE_STATIC_REP2 none
- FB.MS_CANNOT_BE_FINAL none
- FB.MS_EXPOSE_REP none
- FB.MS_FINAL_PKGPROTECT none
- FB.MS_MUTABLE_ARRAY none
- FB.MS_MUTABLE_COLLECTION none
- FB.MS_MUTABLE_COLLECTION_PKGPROTECT none
- FB.MS_MUTABLE_HASHTABLE none
- FB.MS_OOI_PKGPROTECT none
- FB.MS_PKGPROTECT none
- FB.MS_SHOULD_BE_FINAL none
- FB.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL none
|
|
|
|
|
|
|
|
|
|
|
| 219 Storage of File with Sensitive Data Under Web Root |
|
|
|
|
|
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
|
|
|
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 220 Storage of File With Sensitive Data Under FTP Root |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 221 Information Loss or Omission |
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- FB.REC_CATCH_EXCEPTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- INSUFFICIENT_LOGGING logging_obligation
|
|
|
|
|
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 222 Truncation of Security-relevant Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 223 Omission of Security-relevant Information |
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- INSUFFICIENT_LOGGING logging_obligation
|
|
|
|
|
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 224 Obscured Security-relevant Information by Alternate Name |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 225 DEPRECATED (Duplicate): General Information Management Problems |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 226 Sensitive Information in Resource Not Removed Before Reuse |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 227 7PK - API Abuse |
- CALL_SUPER none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BSTR.ALLOC double_free
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK double_lock
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HTTP_VERB_TAMPERING none
- DC.DANGEROUS none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- INSECURE_HTTP_FIREWALL spring_security
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- ORM_LOAD_NULL_CHECK none
- SWAPPED_ARGUMENTS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
|
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- CALL_SUPER none
- SWAPPED_ARGUMENTS none
|
| 228 Improper Handling of Syntactically Invalid Structure |
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
|
|
|
| 229 Improper Handling of Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 230 Improper Handling of Missing Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 231 Improper Handling of Extra Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 232 Improper Handling of Undefined Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 233 Improper Handling of Parameters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 234 Failure to Handle Missing Parameter |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 235 Improper Handling of Extra Parameters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 236 Improper Handling of Undefined Parameters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 237 Improper Handling of Structural Elements |
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
|
|
|
| 238 Improper Handling of Incomplete Structural Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 239 Failure to Handle Incomplete Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 240 Improper Handling of Inconsistent Structural Elements |
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
|
|
|
| 241 Improper Handling of Unexpected Data Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 242 Use of Inherently Dangerous Function |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 243 Creation of chroot Jail Without Changing Working Directory |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 245 J2EE Bad Practices: Direct Management of Connections |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 246 J2EE Bad Practices: Direct Use of Sockets |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 247 DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision |
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
|
|
|
|
|
|
| 248 Uncaught Exception |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 249 DEPRECATED: Often Misused: Path Manipulation |
|
|
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
| 250 Execution with Unnecessary Privileges |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 251 Often Misused: String Management |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 252 Unchecked Return Value |
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
|
|
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
|
|
|
|
|
|
|
| 253 Incorrect Check of Function Return Value |
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- ORM_LOAD_NULL_CHECK none
|
|
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
|
|
|
|
|
|
|
| 254 7PK - Security Features |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHROOT none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHROOT none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSUFFICIENT_LOGGING logging_obligation
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MOBILE_ID_MISUSE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHROOT none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 255 Credentials Management Errors |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_SALT hardcoded
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_SALT hardcoded
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 256 Unprotected Storage of Credentials |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 257 Storing Passwords in a Recoverable Format |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 258 Empty Password in Configuration File |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 259 Use of Hard-coded Password |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
|
|
- HARDCODED_CREDENTIALS secret_in_source_med
|
|
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
| 260 Password in Configuration File |
- CONFIG.CONNECTION_STRING_PASSWORD none
|
|
|
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
|
|
|
|
|
|
|
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
|
|
| 261 Weak Encoding for Password |
|
|
|
|
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
|
|
|
|
|
|
|
|
|
|
|
| 262 Not Using Password Aging |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 263 Password Aging with Long Expiration |
|
|
|
|
|
|
|
|
|
|
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
|
|
|
|
|
| 264 Permissions, Privileges, and Access Controls |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- OPEN_REDIRECT none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- OPEN_REDIRECT none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XML_EXTERNAL_ENTITY external_entities
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 265 Privilege Issues |
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CHROOT none
- URL_MANIPULATION none
|
- CHROOT none
- URL_MANIPULATION none
|
- OPEN_REDIRECT none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- CALL_SUPER clone
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- HEADER_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- OPEN_REDIRECT none
- TRUST_BOUNDARY_VIOLATION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CHROOT none
- URL_MANIPULATION none
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 266 Incorrect Privilege Assignment |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 267 Privilege Defined With Unsafe Actions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 268 Privilege Chaining |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 269 Improper Privilege Management |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 270 Privilege Context Switching Error |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 271 Privilege Dropping / Lowering Errors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 272 Least Privilege Violation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 273 Improper Check for Dropped Privileges |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 274 Improper Handling of Insufficient Privileges |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 275 Permission Issues |
|
|
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- INSECURE_COOKIE missing_httponly_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 276 Incorrect Default Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 277 Insecure Inherited Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 278 Insecure Preserved Inherited Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 279 Incorrect Execution-Assigned Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 280 Improper Handling of Insufficient Permissions or Privileges |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 281 Improper Preservation of Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 282 Improper Ownership Management |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 283 Unverified Ownership |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 284 Improper Access Control |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 285 Improper Authorization |
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- IMPLICIT_INTENT none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- IMPLICIT_INTENT none
- MISSING_PERMISSION_FOR_BROADCAST none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 286 Incorrect User Management |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 287 Improper Authentication |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 288 Authentication Bypass Using an Alternate Path or Channel |
|
|
|
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
|
- MULTER_MISCONFIGURATION multer_applied_globally
|
|
|
|
|
|
|
|
- MULTER_MISCONFIGURATION multer_applied_globally
|
|
| 289 Authentication Bypass by Alternate Name |
|
|
|
|
|
- MULTER_MISCONFIGURATION multer_applied_globally
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
|
|
|
- MULTER_MISCONFIGURATION multer_applied_globally
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
|
|
| 290 Authentication Bypass by Spoofing |
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
|
|
|
|
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
|
| 291 Reliance on IP Address for Authentication |
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
|
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
|
|
|
|
|
|
|
| 292 DEPRECATED (Duplicate): Trusting Self-reported DNS Name |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 293 Using Referer Field for Authentication |
|
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
|
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
|
|
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
|
|
|
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
|
|
|
|
|
|
|
|
| 294 Authentication Bypass by Capture-replay |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 295 Improper Certificate Validation |
|
|
|
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
|
|
|
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
|
|
| 296 Improper Following of a Certificate's Chain of Trust |
|
|
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
|
|
|
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
|
|
| 297 Improper Validation of Certificate with Host Mismatch |
|
|
|
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_ssl_session
|
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_ssl_session
|
|
|
|
|
|
|
|
|
| 298 Improper Validation of Certificate Expiration |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 299 Improper Check for Certificate Revocation |
|
|
|
|
- BAD_CERT_VERIFICATION bad_revocation_check
|
|
- BAD_CERT_VERIFICATION bad_revocation_check
|
|
|
|
|
|
|
|
|
| 300 Channel Accessible by Non-Endpoint |
- RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
|
|
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
|
| 301 Reflection Attack in an Authentication Protocol |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 302 Authentication Bypass by Assumed-Immutable Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 303 Incorrect Implementation of Authentication Algorithm |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 304 Missing Critical Step in Authentication |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 305 Authentication Bypass by Primary Weakness |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 306 Missing Authentication for Critical Function |
|
|
|
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- MISSING_AUTHZ none
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- MISSING_AUTHZ none
|
|
|
|
|
|
|
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- MISSING_AUTHZ none
|
|
| 307 Improper Restriction of Excessive Authentication Attempts |
|
|
|
|
|
|
|
|
|
|
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
|
|
|
|
|
| 308 Use of Single-factor Authentication |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 309 Use of Password System for Primary Authentication |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 310 Cryptographic Issues |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 311 Missing Encryption of Sensitive Data |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 312 Cleartext Storage of Sensitive Information |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- HARDCODED_CREDENTIALS secret_in_source_med
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
| 313 Cleartext Storage in a File or on Disk |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 314 Cleartext Storage in the Registry |
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
| 315 Cleartext Storage of Sensitive Information in a Cookie |
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
| 316 Cleartext Storage of Sensitive Information in Memory |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 317 Cleartext Storage of Sensitive Information in GUI |
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
| 318 Cleartext Storage of Sensitive Information in Executable |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
|
|
|
- HARDCODED_CREDENTIALS secret_in_source_med
|
|
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
|
| 319 Cleartext Transmission of Sensitive Information |
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- DISABLED_ENCRYPTION text_encryptor
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 320 Key Management Errors |
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
|
|
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
| 321 Use of Hard-coded Cryptographic Key |
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
|
|
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
|
| 322 Key Exchange without Entity Authentication |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 323 Reusing a Nonce, Key Pair in Encryption |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 324 Use of a Key Past its Expiration Date |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 325 Missing Cryptographic Step |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 326 Inadequate Encryption Strength |
|
|
|
|
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- RISKY_CRYPTO hashing
|
|
|
|
|
|
|
|
|
|
|
| 327 Use of a Broken or Risky Cryptographic Algorithm |
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
|
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
|
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 328 Reversible One-Way Hash |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 329 Not Using a Random IV with CBC Mode |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 330 Use of Insufficiently Random Values |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS secret_in_source_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
| 331 Insufficient Entropy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 332 Insufficient Entropy in PRNG |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 333 Improper Handling of Insufficient Entropy in TRNG |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 334 Small Space of Random Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
|
|
|
|
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
|
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
|
|
|
|
|
|
|
|
| 336 Same Seed in Pseudo-Random Number Generator (PRNG) |
|
|
|
|
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
|
|
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
|
|
|
|
|
|
|
|
|
| 337 Predictable Seed in Pseudo-Random Number Generator (PRNG) |
|
|
|
|
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
|
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
|
|
|
|
|
|
|
|
| 338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
|
|
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
|
|
|
|
|
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
| 339 Small Seed Space in PRNG |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 340 Generation of Predictable Numbers or Identifiers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 341 Predictable from Observable State |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 342 Predictable Exact Value from Previous Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 343 Predictable Value Range from Previous Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 344 Use of Invariant Value in Dynamically Changing Context |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS secret_in_source_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
| 345 Insufficient Verification of Data Authenticity |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
|
|
|
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MULTER_MISCONFIGURATION multer_custom_file_filter
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
|
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
|
- CSRF database_update
- CSRF none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
|
|
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MULTER_MISCONFIGURATION multer_custom_file_filter
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
| 346 Origin Validation Error |
|
|
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT none
|
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
|
|
|
|
|
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
|
| 347 Improper Verification of Cryptographic Signature |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 348 Use of Less Trusted Source |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 349 Acceptance of Extraneous Untrusted Data With Trusted Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 350 Reliance on Reverse DNS Resolution for a Security-Critical Action |
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
|
|
|
|
|
|
| 351 Insufficient Type Distinction |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 352 Cross-Site Request Forgery (CSRF) |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
|
|
|
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
|
|
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
|
- CSRF database_update
- CSRF none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
|
|
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
| 353 Missing Support for Integrity Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 354 Improper Validation of Integrity Check Value |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 355 User Interface Security Issues |
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- CSS_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- CSS_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
|
| 356 Product UI does not Warn User of Unsafe Actions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 357 Insufficient UI Warning of Dangerous Operations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 358 Improperly Implemented Security Check for Standard |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 359 Exposure of Private Personal Information to an Unauthorized Actor |
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- DISABLED_ENCRYPTION text_encryptor
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION unencrypted_connection
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 360 Trust of System Event Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 361 7PK - Time and State |
- ASPNET_MVC_VERSION_HEADER none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- DISTRUSTED_DATA_DESERIALIZATION none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.ESYNC_EMPTY_SYNC none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_dynamic_finder_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LOCK_EVASION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
- GUARDED_BY_VIOLATION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- MISSING_LOCK none
- TOCTOU none
|
- MISSING_LOCK none
- TOCTOU none
|
- GUARDED_BY_VIOLATION none
|
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- MISSING_LOCK none
- TOCTOU none
|
|
|
|
|
|
|
|
| 363 Race Condition Enabling Link Following |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 364 Signal Handler Race Condition |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 365 Race Condition in Switch |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 366 Race Condition within a Thread |
- GUARDED_BY_VIOLATION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- GUARDED_BY_VIOLATION none
|
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
|
|
|
|
|
|
|
|
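| 367 Time-of-check Time-of-use (TOCTOU) Race Condition (no checker is listed in this row; the TOCTOU checker appears under 362 above for c/c++, cuda and objective-c, so an empty row here does not by itself mean the weakness is uncovered) |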
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 368 Context Switching Race Condition |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 369 Divide By Zero |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- PW.DIVIDE_BY_ZERO none
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- PW.DIVIDE_BY_ZERO none
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- TAINTED_SCALAR divisor
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
|
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 370 Missing Check for Certificate Revocation after Initial Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 371 State Issues |
- UNRESTRICTED_DISPATCH none
|
|
|
|
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.ESYNC_EMPTY_SYNC none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- UNRESTRICTED_DISPATCH none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
|
- UNRESTRICTED_DISPATCH none
|
| 372 Incomplete Internal State Distinction |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 373 DEPRECATED: State Synchronization Error |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 374 Passing Mutable Objects to an Untrusted Method |
|
|
|
|
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
|
|
|
|
|
|
|
|
|
|
|
| 375 Returning a Mutable Object to an Untrusted Caller |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 376 DEPRECATED: Temporary File Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 377 Insecure Temporary File |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 378 Creation of Temporary File With Insecure Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 379 Creation of Temporary File in Directory with Insecure Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 380 DEPRECATED: Technology-Specific Time and State Issues |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
|
|
|
|
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- FB.DM_EXIT none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
- SINGLETON_RACE none
|
|
|
|
|
|
|
|
|
|
|
| 381 DEPRECATED: J2EE Time and State Issues |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
|
|
|
|
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- FB.DM_EXIT none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
- SINGLETON_RACE none
|
|
|
|
|
|
|
|
|
|
|
| 382 J2EE Bad Practices: Use of System.exit() (no checker is listed in this row; FB.DM_EXIT appears in the java column under 380 and 381 above) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 383 J2EE Bad Practices: Direct Use of Threads |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 384 Session Fixation |
|
|
|
|
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- SESSION_FIXATION none
|
|
|
|
|
|
|
|
|
|
|
| 385 Covert Timing Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 386 Symbolic Name not Mapping to Correct Object |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 387 Signal Errors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 388 7PK - Errors |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK lock_assert
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 389 Error Conditions, Return Values, Status Codes |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK lock_assert
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 390 Detection of Error Condition Without Action |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 391 Unchecked Error Condition |
|
|
|
|
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
|
|
|
|
|
|
|
|
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
|
|
| 392 Missing Report of Error Condition |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 393 Return of Wrong Status Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 394 Unexpected Status Code or Return Value |
|
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
|
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
|
|
|
|
|
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
|
|
|
|
|
|
|
|
| 395 Use of NullPointerException Catch to Detect NULL Pointer Dereference |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 396 Declaration of Catch for Generic Exception |
|
|
|
|
- FB.REC_CATCH_EXCEPTION none
|
|
|
|
|
|
|
|
|
|
|
| 397 Declaration of Throws for Generic Exception |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 398 7PK - Code Quality |
- BAD_EQ referential
- BAD_EQ_TYPES none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK_INVERSION none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- ENUM_AS_BOOLEAN none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS invalid_printf_format_string
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- TAINTED_SCALAR allocation
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- ENUM_AS_BOOLEAN none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS invalid_printf_format_string
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- TAINTED_SCALAR allocation
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK double_lock
- LOCK lock_assert
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- LOCK_INVERSION none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- ENUM_AS_BOOLEAN none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS invalid_printf_format_string
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- TAINTED_SCALAR allocation
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NOSQL_QUERY_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NO_EFFECT none
- NO_EFFECT self_assign
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- REVERSE_INULL none
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NULL_RETURNS none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 399 Resource Management Errors |
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- LOCK double_lock
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- STACK_USE none
- TAINTED_SCALAR allocation
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- LOCK double_lock
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- STACK_USE none
- TAINTED_SCALAR allocation
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- LOCK double_lock
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- LOCK double_lock
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- STACK_USE none
- TAINTED_SCALAR allocation
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNSAFE_DESERIALIZATION none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 400 Uncontrolled Resource Consumption |
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- STACK_USE none
- TAINTED_SCALAR allocation
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- STACK_USE none
- TAINTED_SCALAR allocation
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
|
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- STACK_USE none
- TAINTED_SCALAR allocation
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
|
|
| 401 Missing Release of Memory after Effective Lifetime |
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
|
|
|
|
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
|
|
|
|
|
|
|
|
| 402 Transmission of Private Resources into a New Sphere ('Resource Leak') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 404 Improper Resource Shutdown or Release |
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 405 Asymmetric Resource Consumption (Amplification) |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 406 Insufficient Control of Network Message Volume (Network Amplification) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 407 Inefficient Algorithmic Complexity |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 408 Incorrect Behavior Order: Early Amplification |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 409 Improper Handling of Highly Compressed Data (Data Amplification) |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 410 Insufficient Resource Pool |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 411 Resource Locking Problems |
|
- LOCK double_lock
- ORDER_REVERSAL none
|
- LOCK double_lock
- ORDER_REVERSAL none
|
- LOCK double_lock
- LOCK_INVERSION none
|
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- LOCK_INVERSION none
|
|
|
- LOCK double_lock
- ORDER_REVERSAL none
|
|
|
|
|
|
|
|
| 412 Unrestricted Externally Accessible Lock |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 413 Improper Resource Locking |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 414 Missing Lock Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 415 Double Free |
|
- COM.BSTR.ALLOC double_free
- USE_AFTER_FREE double_free
|
- USE_AFTER_FREE double_free
|
|
|
|
|
- USE_AFTER_FREE double_free
|
|
|
|
|
|
|
|
| 416 Use After Free |
|
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
|
|
| 417 Communication Channel Errors |
|
|
|
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- UNSAFE_JNI none
|
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
|
|
|
|
|
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
|
| 418 DEPRECATED: Channel Errors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 419 Unprotected Primary Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 420 Unprotected Alternate Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 421 Race Condition During Access to Alternate Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 422 Unprotected Windows Messaging Channel ('Shatter') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 423 DEPRECATED (Duplicate): Proxied Trusted Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 424 Improper Protection of Alternate Path |
|
|
|
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
|
|
|
|
|
|
|
|
|
|
|
| 425 Direct Request ('Forced Browsing') |
|
|
|
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
|
|
|
|
|
|
|
|
|
|
|
| 426 Untrusted Search Path |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 427 Uncontrolled Search Path Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 428 Unquoted Search Path or Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 429 Handler Errors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 430 Deployment of Wrong Handler |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 431 Missing Handler |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 432 Dangerous Signal Handler not Disabled During Sensitive Operations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 433 Unparsed Raw Web Content Delivery |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 434 Unrestricted Upload of File with Dangerous Type |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 435 Improper Interaction Between Multiple Correctly-Behaving Entities |
|
- INCOMPATIBLE_CAST endianness
|
- INCOMPATIBLE_CAST endianness
|
|
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- INSECURE_HTTP_FIREWALL spring_security
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
- INCOMPATIBLE_CAST endianness
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 436 Interpretation Conflict |
|
|
|
|
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- INSECURE_HTTP_FIREWALL spring_security
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 437 Incomplete Model of Endpoint Features |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 438 Behavioral Problems |
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- STRAY_SEMICOLON none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK lock_assert
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- SIZEOF_MISMATCH missing_parentheses
- STRAY_SEMICOLON none
- UNCAUGHT_EXCEPT none
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK lock_assert
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- SIZEOF_MISMATCH missing_parentheses
- STRAY_SEMICOLON none
- UNCAUGHT_EXCEPT none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK lock_assert
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_HTTP_FIREWALL spring_security
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- STRAY_SEMICOLON none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DOM_XSS none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- STRAY_SEMICOLON none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK lock_assert
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- SIZEOF_MISMATCH missing_parentheses
- STRAY_SEMICOLON none
- UNCAUGHT_EXCEPT none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- STRAY_SEMICOLON none
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DOM_XSS none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- STRAY_SEMICOLON none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
| 439 Behavioral Change in New Version or Environment |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 440 Expected Behavior Violation |
|
|
|
|
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
|
|
|
|
|
|
|
|
|
|
|
| 441 Unintended Proxy or Intermediary ('Confused Deputy') |
|
|
|
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
|
|
|
|
|
|
|
|
| 442 DEPRECATED: Web Problems |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- INSECURE_COOKIE dotnet
- OPEN_REDIRECT none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- HEADER_INJECTION none
- URL_MANIPULATION none
|
- HEADER_INJECTION none
- URL_MANIPULATION none
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- MISSING_HEADER_VALIDATION missing_header_validation
- OPEN_REDIRECT none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MULTER_MISCONFIGURATION multer_custom_file_filter
- OPEN_REDIRECT none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- HEADER_INJECTION none
- URL_MANIPULATION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- OPEN_REDIRECT none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF database_update
- CSRF none
- OPEN_REDIRECT none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MULTER_MISCONFIGURATION multer_custom_file_filter
- OPEN_REDIRECT none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- OPEN_REDIRECT none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
| 443 DEPRECATED (Duplicate): HTTP response splitting |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 445 DEPRECATED: User Interface Errors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 446 UI Discrepancy for Security Feature |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 447 Unimplemented or Unsupported Feature in UI |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 448 Obsolete Feature in UI |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 449 The UI Performs the Wrong Action |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 450 Multiple Interpretations of UI Input |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 451 User Interface (UI) Misrepresentation of Critical Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 452 Initialization and Cleanup Errors |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- CALL_SUPER finalize
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 453 Insecure Default Variable Initialization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 454 External Initialization of Trusted Variables or Data Stores |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 455 Non-exit on Failed Initialization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 456 Missing Initialization of a Variable |
|
- NO_EFFECT bad_memset_zero_size
|
- NO_EFFECT bad_memset_zero_size
|
|
|
|
|
- NO_EFFECT bad_memset_zero_size
|
|
|
|
|
|
|
|
| 457 Use of Uninitialized Variable |
|
- PW.BRANCH_PAST_INITIALIZATION none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- PW.BRANCH_PAST_INITIALIZATION none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
|
|
|
|
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
|
|
|
|
|
|
|
| 458 DEPRECATED: Incorrect Initialization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 459 Incomplete Cleanup |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- CALL_SUPER finalize
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 460 Improper Cleanup on Thrown Exception |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 461 DEPRECATED: Data Structure Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 462 Duplicate Key in Associative List (Alist) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 463 Deletion of Data Structure Sentinel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 464 Addition of Data Structure Sentinel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 465 Pointer Issues |
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT no_effect_deref
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SIZEOF_MISMATCH sizeof_punning
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT no_effect_deref
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SIZEOF_MISMATCH sizeof_punning
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FB.BC_NULL_INSTANCEOF none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT no_effect_deref
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SIZEOF_MISMATCH sizeof_punning
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL bad_null_value_use
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- REVERSE_INULL none
|
| 466 Return of Pointer Value Outside of Expected Range |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 467 Use of sizeof() on a Pointer Type |
|
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- SIZEOF_MISMATCH sizeof_punning
|
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- SIZEOF_MISMATCH sizeof_punning
|
|
|
|
|
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- SIZEOF_MISMATCH sizeof_punning
|
|
|
|
|
|
|
|
| 468 Incorrect Pointer Scaling |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 469 Use of Pointer Subtraction to Determine Size |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
|
|
|
|
- JSP_DYNAMIC_INCLUDE none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
|
|
|
|
|
|
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
|
|
|
| 471 Modification of Assumed-Immutable Data (MAID) |
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
|
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
|
|
|
|
|
|
|
| 472 External Control of Assumed-Immutable Web Parameter |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 473 PHP External Variable Modification |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 474 Use of Function with Inconsistent Implementations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 475 Undefined Behavior for Input to API |
|
- PRINTF_ARGS invalid_printf_format_string
|
- PRINTF_ARGS invalid_printf_format_string
|
|
|
|
|
- PRINTF_ARGS invalid_printf_format_string
|
|
|
|
|
|
|
|
| 476 NULL Pointer Dereference |
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FB.BC_NULL_INSTANCEOF none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- REVERSE_INULL none
|
| 477 Use of Obsolete Function |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 478 Missing Default Case in Switch Statement |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 479 Signal Handler Use of a Non-reentrant Function |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 480 Use of Incorrect Operator |
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- PW.ASSIGN_WHERE_COMPARE_MEANT none
|
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- PW.ASSIGN_WHERE_COMPARE_MEANT none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
|
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
|
| 481 Assigning instead of Comparing |
|
- PW.ASSIGN_WHERE_COMPARE_MEANT none
|
- PW.ASSIGN_WHERE_COMPARE_MEANT none
|
|
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
|
|
|
|
|
|
|
|
|
|
|
| 482 Comparing instead of Assigning |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 483 Incorrect Block Delimitation |
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
| 484 Omitted Break Statement in Switch |
|
|
|
|
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- MISSING_BREAK none
|
|
|
|
|
|
|
|
|
|
|
| 485 7PK - Encapsulation |
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CALL_SUPER clone
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TRUST_BOUNDARY_VIOLATION none
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 486 Comparison of Classes by Name |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 487 Reliance on Package-level Scope |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 488 Exposure of Data Element to Wrong Session |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 489 Active Debug Code |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
|
|
|
|
|
|
|
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
|
|
| 490 DEPRECATED: Mobile Code Issues |
|
|
|
|
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
|
|
|
|
|
|
|
|
|
|
|
| 491 Public cloneable() Method Without Final ('Object Hijack') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 492 Use of Inner Class Containing Sensitive Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 493 Critical Public Variable Without Final Modifier |
|
|
|
|
- FB.MS_CANNOT_BE_FINAL none
|
|
|
|
|
|
|
|
|
|
|
| 494 Download of Code Without Integrity Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 495 Private Data Structure Returned From A Public Method |
|
|
|
|
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
|
|
|
|
|
|
|
|
|
|
|
| 496 Public Data Assigned to Private Array-Typed Field |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 497 Exposure of Sensitive System Information to an Unauthorized Control Sphere |
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 498 Cloneable Class Containing Sensitive Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 499 Serializable Class Containing Sensitive Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 500 Public Static Field Not Marked Final |
|
|
|
|
- FB.MS_CANNOT_BE_FINAL none
|
|
|
|
|
|
|
|
|
|
|
| 501 Trust Boundary Violation |
|
|
|
|
- TRUST_BOUNDARY_VIOLATION none
|
|
|
|
|
|
|
|
|
|
|
| 502 Deserialization of Untrusted Data |
- UNSAFE_DESERIALIZATION none
|
|
|
- DISTRUSTED_DATA_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
|
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
|
|
|
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
| 503 DEPRECATED: Byte/Object Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 504 DEPRECATED: Motivation/Intent |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 505 DEPRECATED: Intentionally Introduced Weakness |
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XPATH_INJECTION none
|
|
|
- DISTRUSTED_DATA_DESERIALIZATION none
- NOSQL_QUERY_INJECTION none
- TEMPLATE_INJECTION none
|
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNSAFE_DESERIALIZATION none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XPATH_INJECTION none
|
| 506 Embedded Malicious Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 507 Trojan Horse |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 508 Non-Replicating Malicious Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 509 Replicating Malicious Code (Virus or Worm) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 510 Trapdoor |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 511 Logic/Time Bomb |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 512 Spyware |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 513 DEPRECATED: Intentionally Introduced Nonmalicious Weakness |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 514 Covert Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 515 Covert Storage Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 516 DEPRECATED (Duplicate): Covert Timing Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 517 DEPRECATED: Other Intentional, Nonmalicious Weakness |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 518 DEPRECATED: Inadvertently Introduced Weakness |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 519 DEPRECATED: .NET Environment Issues |
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
|
| 520 .NET Misconfiguration: Use of Impersonation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 521 Weak Password Requirements |
|
|
|
|
|
|
|
|
|
|
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
|
|
|
|
|
| 522 Insufficiently Protected Credentials |
- CONFIG.CONNECTION_STRING_PASSWORD none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 523 Unprotected Transport of Credentials |
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 524 Use of Cache Containing Sensitive Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 525 Use of Web Browser Cache Containing Sensitive Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 526 Exposure of Sensitive Information Through Environmental Variables |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 527 Exposure of Version-Control Repository to an Unauthorized Control Sphere |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 528 Exposure of Core Dump File to an Unauthorized Control Sphere |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 529 Exposure of Access Control List Files to an Unauthorized Control Sphere |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 530 Exposure of Backup File to an Unauthorized Control Sphere |
|
|
|
|
- CONFIG.ANDROID_BACKUPS_ALLOWED android
|
|
- CONFIG.ANDROID_BACKUPS_ALLOWED android
|
|
|
|
|
|
|
|
|
| 531 Inclusion of Sensitive Information in Test Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 532 Insertion of Sensitive Information into Log File |
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 533 DEPRECATED: Information Exposure Through Server Log Files |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 534 DEPRECATED: Information Exposure Through Debug Log Files |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 535 Exposure of Information Through Shell Error Message |
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
|
|
|
|
|
|
|
|
|
|
|
|
|
| 536 Servlet Runtime Error Message Containing Sensitive Information |
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 537 Java Runtime Error Message Containing Sensitive Information |
|
|
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
|
|
|
|
|
|
|
|
|
|
| 538 Insertion of Sensitive Information into Externally-Accessible File or Directory |
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- EXPOSED_PREFERENCES none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 539 Use of Persistent Cookies Containing Sensitive Information |
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
|
| 540 Inclusion of Sensitive Information in Source Code |
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
|
|
|
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
|
|
|
|
|
|
|
|
|
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
|
| 541 Inclusion of Sensitive Information in an Include File |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 542 DEPRECATED: Information Exposure Through Cleanup Log Files |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
|
|
|
|
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
- SINGLETON_RACE none
|
|
|
|
|
|
|
|
|
|
|
| 544 Missing Standardized Error Handling Mechanism |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 545 DEPRECATED: Use of Dynamic Class Loading |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 546 Suspicious Comment |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 547 Use of Hard-coded, Security-relevant Constants |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 548 Exposure of Information Through Directory Listing |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 549 Missing Password Field Masking |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 550 Server-generated Error Message Containing Sensitive Information |
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 552 Files or Directories Accessible to External Parties |
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 553 Command Shell in Externally Accessible Directory |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 554 ASP.NET Misconfiguration: Not Using Input Validation Framework |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 555 J2EE Misconfiguration: Plaintext Password in Configuration File |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 556 ASP.NET Misconfiguration: Use of Identity Impersonation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 557 Concurrency Issues |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- MISSING_LOCK none
- TOCTOU none
|
- MISSING_LOCK none
- TOCTOU none
|
- GUARDED_BY_VIOLATION none
|
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- FB.ESYNC_EMPTY_SYNC none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.RU_INVOKE_RUN none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- MISSING_LOCK none
- TOCTOU none
|
|
|
|
|
|
|
|
| 558 Use of getlogin() in Multithreaded Application |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 559 DEPRECATED: Often Misused: Arguments and Parameters |
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
|
|
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SWAPPED_ARGUMENTS none
|
|
|
|
|
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
|
| 560 Use of umask() with chmod-style Argument |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 561 Dead Code |
- BAD_EQ_TYPES none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
| 562 Return of Stack Variable Address |
|
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
|
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
|
|
|
|
|
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
|
|
|
|
|
|
|
|
| 563 Assignment to Variable without Use |
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
|
|
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
|
|
|
|
|
|
|
| 564 SQL Injection: Hibernate |
|
|
|
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
|
|
|
|
|
|
|
|
| 565 Reliance on Cookies without Validation and Integrity Checking |
|
|
|
|
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
|
|
|
|
|
|
|
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
|
|
| 566 Authorization Bypass Through User-Controlled SQL Primary Key |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 567 Unsynchronized Access to Shared Data in a Multithreaded Context |
- GUARDED_BY_VIOLATION none
- NON_STATIC_GUARDING_STATIC none
|
|
|
- GUARDED_BY_VIOLATION none
|
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
|
|
|
|
|
|
|
|
|
|
|
| 568 finalize() Method Without super.finalize() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 569 Expression Issues |
- BAD_EQ referential
- BAD_EQ_TYPES none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- HIBERNATE_BAD_HASHCODE bad_equals
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
|
| 570 Expression is Always False |
|
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
|
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
|
|
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
|
|
|
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
|
|
|
|
|
|
|
|
| 571 Expression is Always True |
|
|
|
|
- FB.BC_VACUOUS_INSTANCEOF none
|
|
|
|
|
|
|
|
|
|
|
| 572 Call to Thread run() instead of start() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 573 Improper Following of Specification by Caller |
- CALL_SUPER none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BSTR.ALLOC double_free
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK double_lock
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- ORM_LOAD_NULL_CHECK none
- SWAPPED_ARGUMENTS none
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
|
|
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- CALL_SUPER none
- SWAPPED_ARGUMENTS none
|
| 574 EJB Bad Practices: Use of Synchronization Primitives |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 575 EJB Bad Practices: Use of AWT Swing |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 576 EJB Bad Practices: Use of Java I/O |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 577 EJB Bad Practices: Use of Sockets |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 578 EJB Bad Practices: Use of Class Loader |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 579 J2EE Bad Practices: Non-serializable Object Stored in Session |
|
|
|
|
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
|
|
|
|
|
|
|
|
|
|
|
| 580 clone() Method Without super.clone() |
|
|
|
|
- CALL_SUPER clone
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
|
|
|
|
|
|
|
|
|
|
|
| 581 Object Model Violation: Just One of Equals and Hashcode Defined |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 582 Array Declared Public, Final, and Static |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 583 finalize() Method Declared Public |
|
|
|
|
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
|
|
|
|
|
|
|
|
|
|
|
| 584 Return Inside Finally Block |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 585 Empty Synchronized Block |
|
|
|
|
- FB.ESYNC_EMPTY_SYNC none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
|
|
|
|
|
|
|
|
|
|
|
| 586 Explicit Call to Finalize() |
|
|
|
|
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
|
|
|
|
|
|
|
|
|
|
|
| 587 Assignment of a Fixed Address to a Pointer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 588 Attempt to Access Child of a Non-structure Pointer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 589 Call to Non-ubiquitous API |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 590 Free of Memory not on the Heap |
|
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
|
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
|
|
|
|
|
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
|
|
|
|
|
|
|
|
| 591 Sensitive Data Storage in Improperly Locked Memory |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 592 DEPRECATED: Authentication Bypass Issues |
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- MULTER_MISCONFIGURATION multer_applied_globally
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
|
|
|
- MULTER_MISCONFIGURATION multer_applied_globally
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
|
| 593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 594 J2EE Framework: Saving Unserializable Objects to Disk |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 595 Comparison of Object References Instead of Object Contents |
|
- BAD_COMPARE string_lit_comparison
|
- BAD_COMPARE string_lit_comparison
|
|
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
|
|
|
- BAD_COMPARE string_lit_comparison
|
|
|
|
|
|
|
|
| 596 DEPRECATED: Incorrect Semantic Object Comparison |
|
|
|
|
- HIBERNATE_BAD_HASHCODE bad_equals
|
|
|
|
|
|
|
|
|
|
|
| 597 Use of Wrong Operator in String Comparison |
|
- BAD_COMPARE string_lit_comparison
|
- BAD_COMPARE string_lit_comparison
|
|
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
|
|
|
- BAD_COMPARE string_lit_comparison
|
|
|
|
|
|
|
|
| 598 Use of GET Request Method With Sensitive Query Strings |
|
|
|
|
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
|
|
|
|
|
|
|
|
|
|
|
| 599 Missing Validation of OpenSSL Certificate |
|
|
|
|
|
|
|
|
|
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
|
|
|
|
|
| 600 Uncaught Exception in Servlet |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 601 URL Redirection to Untrusted Site ('Open Redirect') |
|
|
|
|
|
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
|
|
|
|
|
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- REVERSE_TABNABBING reverse_tabnabbing_low
|
|
|
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
|
|
| 602 Client-Side Enforcement of Server-Side Security |
|
|
|
|
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
|
|
|
|
|
|
|
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
|
|
| 603 Use of Client-Side Authentication |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 604 Deprecated Entries |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 605 Multiple Binds to the Same Port |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 606 Unchecked Input for Loop Condition |
|
- NEGATIVE_RETURNS loop_bound
- TAINTED_SCALAR loop_bound
|
- NEGATIVE_RETURNS loop_bound
- TAINTED_SCALAR loop_bound
|
|
|
|
|
- NEGATIVE_RETURNS loop_bound
- TAINTED_SCALAR loop_bound
|
|
|
|
|
|
|
|
| 607 Public Static Final Field References Mutable Object |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 608 Struts: Non-private Field in ActionForm Class |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 609 Double-Checked Locking |
|
|
|
|
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
|
|
|
|
|
|
|
|
|
|
|
| 610 Externally Controlled Reference to a Resource in Another Sphere |
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- OPEN_REDIRECT none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 611 Improper Restriction of XML External Entity Reference |
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY external_entities
|
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 612 Improper Authorization of Index Containing Sensitive Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 613 Insufficient Session Expiration |
|
|
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT none
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
|
|
|
|
|
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
| 614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
|
|
|
|
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
|
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- INSECURE_COOKIE cookie_missing_secure_flag_low
- UNSAFE_SESSION_SETTING secure_cookies_hi
|
|
|
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 615 Inclusion of Sensitive Information in Source Code Comments |
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
|
|
|
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
|
|
|
|
|
|
|
|
|
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
|
| 616 Incomplete Identification of Uploaded File Variables (PHP) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 617 Reachable Assertion |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 618 Exposed Unsafe ActiveX Method |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 619 Dangling Database Cursor ('Cursor Injection') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 620 Unverified Password Change |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 621 Variable Extraction Error |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 622 Improper Validation of Function Hook Arguments |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 623 Unsafe ActiveX Control Marked Safe For Scripting |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 624 Executable Regular Expression Error |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 625 Permissive Regular Expression |
|
|
|
|
|
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
|
|
|
|
|
- REGEX_MISSING_ANCHOR validation_regex_hi
|
|
|
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
|
|
| 626 Null Byte Interaction Error (Poison Null Byte) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 627 Dynamic Variable Evaluation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 628 Function Call with Incorrectly Specified Arguments |
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
|
|
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SWAPPED_ARGUMENTS none
|
|
|
|
|
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
|
| 629 Weaknesses in OWASP Top Ten (2007) |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XPATH_INJECTION none
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO hashing
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO hashing
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO hashing
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 630 DEPRECATED: Weaknesses Examined by SAMATE |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 631 DEPRECATED: Resource-specific Weaknesses |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 632 DEPRECATED: Weaknesses that Affect Files or Directories |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 633 DEPRECATED: Weaknesses that Affect Memory |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 634 DEPRECATED: Weaknesses that Affect System Processes |
- GUARDED_BY_VIOLATION none
- HEADER_INJECTION none
- NON_STATIC_GUARDING_STATIC none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- RESOURCE_LEAK socket
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- HEADER_INJECTION none
- MISSING_LOCK none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- MISSING_LOCK none
- OS_CMD_INJECTION none
|
- GUARDED_BY_VIOLATION none
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.RU_INVOKE_RUN none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HEADER_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NON_STATIC_GUARDING_STATIC none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- RESOURCE_LEAK socket
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
- HEADER_INJECTION none
- MISSING_LOCK none
- OS_CMD_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
|
|
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- RESOURCE_LEAK socket
|
| 635 Weaknesses Originally Used by NVD from 2008 to 2016 |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FLOATING_POINT_EQUALITY none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- LOCK double_lock
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 636 Not Failing Securely ('Failing Open') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 638 Not Using Complete Mediation |
|
|
|
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
|
|
|
|
|
|
|
|
|
|
|
| 639 Authorization Bypass Through User-Controlled Key |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 640 Weak Password Recovery Mechanism for Forgotten Password |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 641 Improper Restriction of Names for Files and Other Resources |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 642 External Control of Critical State Data |
- UNRESTRICTED_DISPATCH none
|
|
|
|
- UNRESTRICTED_DISPATCH none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
|
- UNRESTRICTED_DISPATCH none
|
| 643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 644 Improper Neutralization of HTTP Headers for Scripting Syntax |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 645 Overly Restrictive Account Lockout Mechanism |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 646 Reliance on File Name or Extension of Externally-Supplied File |
|
|
|
|
|
- MULTER_MISCONFIGURATION multer_custom_file_filter
|
|
|
|
|
|
|
|
- MULTER_MISCONFIGURATION multer_custom_file_filter
|
|
| 647 Use of Non-Canonical URL Paths for Authorization Decisions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 648 Incorrect Use of Privileged APIs |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 650 Trusting HTTP Permission Methods on the Server Side |
|
|
|
|
- CONFIG.HTTP_VERB_TAMPERING none
- INSECURE_HTTP_FIREWALL spring_security
|
|
|
|
|
|
|
|
|
|
|
| 651 Exposure of WSDL File Containing Sensitive Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 653 Insufficient Compartmentalization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 654 Reliance on a Single Factor in a Security Decision |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 655 Insufficient Psychological Acceptability |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 656 Reliance on Security Through Obscurity |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 657 Violation of Secure Design Principles |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS secret_in_source_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
| 658 Weaknesses in Software Written in C |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 659 Weaknesses in Software Written in C++ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 660 Weaknesses in Software Written in Java |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 661 Weaknesses in Software Written in PHP |
|
|
|
|
|
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
|
|
|
|
|
| 662 Improper Synchronization |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.RU_INVOKE_RUN none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
|
|
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
|
|
|
|
|
|
|
| 663 Use of a Non-reentrant Function in a Concurrent Context |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 664 Improper Control of a Resource Through its Lifetime |
- ASPNET_MVC_VERSION_HEADER none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- DISTRUSTED_DATA_DESERIALIZATION none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_dynamic_finder_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LOCK_EVASION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 665 Improper Initialization |
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
|
|
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
| 666 Operation on Resource in Wrong Phase of Lifetime |
|
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- USE_AFTER_FREE none
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
| 667 Improper Locking |
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- LOCK_INVERSION none
|
|
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
|
|
|
|
|
|
|
| 668 Exposure of Resource to Wrong Sphere |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- INSECURE_COOKIE dotnet
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_DISPATCH none
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- PATH_MANIPULATION none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- PATH_MANIPULATION none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_DYNAMIC_INCLUDE none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- INSECURE_COOKIE missing_httponly_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_DISPATCH none
|
| 669 Incorrect Resource Transfer Between Spheres |
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- JAVA_CODE_INJECTION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- MISSING_IFRAME_SANDBOX none
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- CUSTOM_KEYBOARD_DATA_LEAK none
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- MISSING_IFRAME_SANDBOX none
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 670 Always-Incorrect Control Flow Implementation |
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- STRAY_SEMICOLON none
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- LOCK lock_assert
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- SIZEOF_MISMATCH missing_parentheses
- STRAY_SEMICOLON none
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- LOCK lock_assert
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- SIZEOF_MISMATCH missing_parentheses
- STRAY_SEMICOLON none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- LOCK lock_assert
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- STRAY_SEMICOLON none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- STRAY_SEMICOLON none
|
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- LOCK lock_assert
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- SIZEOF_MISMATCH missing_parentheses
- STRAY_SEMICOLON none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- STRAY_SEMICOLON none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- STRAY_SEMICOLON none
|
|
| 671 Lack of Administrator Control over Security |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS secret_in_source_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
| 672 Operation on a Resource after Expiration or Release |
|
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- USE_AFTER_FREE none
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
| 673 External Influence of Sphere Definition |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 674 Uncontrolled Recursion |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- FB.IL_INFINITE_RECURSIVE_LOOP none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 675 Duplicate Operations on Resource |
|
- COM.BSTR.ALLOC double_free
- LOCK double_lock
- USE_AFTER_FREE double_free
|
- LOCK double_lock
- USE_AFTER_FREE double_free
|
|
|
|
|
- LOCK double_lock
- USE_AFTER_FREE double_free
|
|
|
|
|
|
|
|
| 676 Use of Potentially Dangerous Function |
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- SECURE_CODING none
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- SECURE_CODING none
|
|
|
|
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- SECURE_CODING none
|
|
|
|
|
|
|
|
| 677 Weakness Base Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 678 Composites |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 679 DEPRECATED: Chain Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 680 Integer Overflow to Buffer Overflow |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 681 Incorrect Conversion between Numeric Types |
|
- CHAR_IO none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- SIGN_EXTENSION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- CHAR_IO none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- SIGN_EXTENSION none
|
|
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
|
|
|
- CHAR_IO none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- SIGN_EXTENSION none
|
|
|
|
|
|
|
|
| 682 Incorrect Calculation |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- COM.BSTR.CONV none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
|
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 683 Function Call With Incorrect Order of Arguments |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 684 Incorrect Provision of Specified Functionality |
|
|
|
|
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
|
|
|
|
|
|
|
|
|
|
|
| 685 Function Call With Incorrect Number of Arguments |
|
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
|
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
|
|
|
|
|
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS missing_printf_arg
|
|
|
|
|
|
|
|
| 686 Function Call With Incorrect Argument Type |
|
- PRINTF_ARGS invalid_type_printf_arg
|
- PRINTF_ARGS invalid_type_printf_arg
|
|
|
|
|
- PRINTF_ARGS invalid_type_printf_arg
|
|
|
|
|
|
|
|
| 687 Function Call With Incorrectly Specified Argument Value |
|
- NEGATIVE_RETURNS critical_argument
|
- NEGATIVE_RETURNS critical_argument
|
|
|
|
|
- NEGATIVE_RETURNS critical_argument
|
|
|
|
|
|
|
|
| 688 Function Call With Incorrect Variable or Reference as Argument |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 689 Permission Race Condition During Resource Copy |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 690 Unchecked Return Value to NULL Pointer Dereference |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 691 Insufficient Control Flow Management |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- GUARDED_BY_VIOLATION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK_EVASION none
- LOCK_INVERSION none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- STRAY_SEMICOLON none
- UNKNOWN_LANGUAGE_INJECTION none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ATOMICITY none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISSING_BREAK none
- MISSING_LOCK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- ORDER_REVERSAL none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- SIZEOF_MISMATCH missing_parentheses
- SLEEP none
- STRAY_SEMICOLON none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- XPATH_INJECTION none
|
- ATOMICITY none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISSING_BREAK none
- MISSING_LOCK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- ORDER_REVERSAL none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- SIZEOF_MISMATCH missing_parentheses
- SLEEP none
- STRAY_SEMICOLON none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- XPATH_INJECTION none
|
- ATOMICITY none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- GUARDED_BY_VIOLATION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- SLEEP none
- TEMPLATE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DM_EXIT none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- STRAY_SEMICOLON none
- UNKNOWN_LANGUAGE_INJECTION none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- STRAY_SEMICOLON none
- TEMPLATE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ATOMICITY none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISSING_BREAK none
- MISSING_LOCK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- ORDER_REVERSAL none
- SIZEOF_MISMATCH missing_parentheses
- SLEEP none
- STRAY_SEMICOLON none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- STRAY_SEMICOLON none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- STRAY_SEMICOLON none
- TEMPLATE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK_EVASION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 692 Incomplete Denylist to Cross-Site Scripting |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 693 Protection Mechanism Failure |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSUFFICIENT_LOGGING logging_obligation
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 694 Use of Multiple Resources with Duplicate Identifier |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 695 Use of Low-Level Functionality |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 696 Incorrect Behavior Order |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 697 Incorrect Comparison |
|
- BAD_COMPARE string_lit_comparison
|
- BAD_COMPARE string_lit_comparison
|
|
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- REGEX_CONFUSION none
|
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
|
|
- BAD_COMPARE string_lit_comparison
|
|
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- REGEX_MISSING_ANCHOR validation_regex_hi
|
|
|
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
|
|
| 698 Execution After Redirect (EAR) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 699 Software Development |
- ASPNET_MVC_VERSION_HEADER none
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USELESS_CALL none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- AUTOSAR C++14 M0-1-1 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FLOATING_POINT_EQUALITY none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 0-1-1 none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA C-2004 Rule 8.7 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USELESS_CALL none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- AUTOSAR C++14 M0-1-1 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 0-1-1 none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA C-2004 Rule 8.7 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USELESS_CALL none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IMPLICIT_INTENT none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USELESS_CALL none
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USELESS_CALL none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- SYMFONY_EL_INJECTION none
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CUSTOM_KEYBOARD_DATA_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CALL_SUPER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 700 Seven Pernicious Kingdoms |
- ASPNET_MVC_VERSION_HEADER none
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CUSTOM_KEYBOARD_DATA_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CALL_SUPER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 701 Weaknesses Introduced During Design |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 702 Weaknesses Introduced During Implementation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 703 Improper Check or Handling of Exceptional Conditions |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 704 Incorrect Type Conversion or Cast |
|
- CHAR_IO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- SIGN_EXTENSION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- CHAR_IO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- SIGN_EXTENSION none
|
|
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
|
|
|
- CHAR_IO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- SIGN_EXTENSION none
|
|
|
- SQLI sql_injection_dynamic_finder_med
|
|
|
|
|
| 705 Incorrect Control Flow Scoping |
|
|
|
|
- FB.DM_EXIT none
- FB.REC_CATCH_EXCEPTION none
|
|
|
|
|
|
|
|
|
|
|
| 706 Use of Incorrectly-Resolved Name or Reference |
- PATH_MANIPULATION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- JSP_DYNAMIC_INCLUDE none
- PATH_MANIPULATION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
- PATH_MANIPULATION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
- PATH_MANIPULATION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 707 Improper Neutralization |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 708 Incorrect Ownership Assignment |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 709 Named Chains |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 710 Improper Adherence to Coding Standards |
- BAD_EQ referential
- BAD_EQ_TYPES none
- CALL_SUPER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK_INVERSION none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HFA none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK double_lock
- LOCK lock_assert
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- XML_EXTERNAL_ENTITY entity_expansion
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_HTTP_FIREWALL spring_security
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- LOCK_INVERSION none
- MISSING_BREAK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- ORM_LOAD_NULL_CHECK none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- NO_EFFECT none
- NO_EFFECT self_assign
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING session_secret_hi
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- CALL_SUPER none
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NULL_RETURNS none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 711 Weaknesses in OWASP Top Ten (2004) |
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_THROW none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK lock_assert
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK lock_assert
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- LOCK lock_assert
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BC_NULL_INSTANCEOF none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DM_EXIT none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK lock_assert
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- CSRF database_update
- CSRF none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- WEAK_BIOMETRIC_AUTH none
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 713 OWASP Top Ten 2007 Category A2 - Injection Flaws |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- HEADER_INJECTION none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- XML_INJECTION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
|
| 714 OWASP Top Ten 2007 Category A3 - Malicious File Execution |
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
|
|
|
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
|
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
|
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
|
|
- SCRIPT_CODE_INJECTION none
|
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
|
| 715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference |
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- PATH_MANIPULATION none
- SQLI none
|
- PATH_MANIPULATION none
- SQLI none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- PATH_MANIPULATION none
- SQLI none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
|
|
|
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
|
|
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
|
- CSRF database_update
- CSRF none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
|
|
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
| 717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION unencrypted_connection
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 720 OWASP Top Ten 2007 Category A9 - Insecure Communications |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO hashing
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- IMPLICIT_INTENT none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- IMPLICIT_INTENT none
- MISSING_PERMISSION_FOR_BROADCAST none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 722 OWASP Top Ten 2004 Category A1 - Unvalidated Input |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 723 OWASP Top Ten 2004 Category A2 - Broken Access Control |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_DISPATCH none
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MOBILE_ID_MISUSE none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_DISPATCH none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
|
| 724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 726 OWASP Top Ten 2004 Category A5 - Buffer Overflows |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
|
|
| 727 OWASP Top Ten 2004 Category A6 - Injection Flaws |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 728 OWASP Top Ten 2004 Category A7 - Improper Error Handling |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK lock_assert
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK lock_assert
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 729 OWASP Top Ten 2004 Category A8 - Insecure Storage |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 730 OWASP Top Ten 2004 Category A9 - Denial of Service |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PW.DIVIDE_BY_ZERO none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK no_null_terminator
- STACK_USE none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR divisor
- UNCAUGHT_EXCEPT none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PW.DIVIDE_BY_ZERO none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK no_null_terminator
- STACK_USE none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR divisor
- UNCAUGHT_EXCEPT none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BC_NULL_INSTANCEOF none
- FB.DM_EXIT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NULL_RETURNS none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK no_null_terminator
- STACK_USE none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR divisor
- UNCAUGHT_EXCEPT none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- FORWARD_NULL bad_null_value_use
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- FORWARD_NULL bad_null_value_use
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NULL_RETURNS none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- XML_EXTERNAL_ENTITY entity_expansion
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management |
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- INSECURE_COOKIE dotnet
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUTOSAR C++14 A15-3-3 none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUTOSAR C++14 A15-3-3 none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- INSECURE_COOKIE missing_httponly_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 732 Incorrect Permission Assignment for Critical Resource |
|
|
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- INSECURE_COOKIE missing_httponly_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 733 Compiler Optimization Removal or Modification of Security-critical Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008) |
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XSS none
|
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNREACHABLE none
- UNSAFE_REFLECTION none
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTIFIER_TYPO none
- INSECURE_COOKIE missing_httponly_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE) |
|
|
|
|
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
|
|
|
|
|
|
|
|
|
|
|
| 736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL) |
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
|
|
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
|
- BAD_COMPARE none
- NEGATIVE_RETURNS critical_argument
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SWAPPED_ARGUMENTS none
|
|
|
|
|
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
|
| 737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP) |
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- REVERSE_INULL none
- SIGN_EXTENSION none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SWAPPED_ARGUMENTS none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- REVERSE_INULL none
- SIGN_EXTENSION none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SWAPPED_ARGUMENTS none
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SWAPPED_ARGUMENTS none
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- EXPLICIT_THIS_EXPECTED none
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- NULL_RETURNS none
- REVERSE_INULL none
|
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- REVERSE_INULL none
- SIGN_EXTENSION none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SWAPPED_ARGUMENTS none
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- REVERSE_INULL none
- SQLI sql_injection_dynamic_finder_med
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- EXPLICIT_THIS_EXPECTED none
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- NULL_RETURNS none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- REVERSE_INULL none
- SWAPPED_ARGUMENTS none
|
| 738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT) |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- DC.DANGEROUS none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP) |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- COM.BSTR.CONV none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS invalid_type_printf_arg
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS invalid_type_printf_arg
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS invalid_type_printf_arg
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
|
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR) |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BRANCH_PAST_INITIALIZATION none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BRANCH_PAST_INITIALIZATION none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
| 741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR) |
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS invalid_type_printf_arg
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS invalid_type_printf_arg
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS invalid_type_printf_arg
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- SQLI sql_injection_dynamic_finder_med
|
|
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
| 742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM) |
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- EL_INJECTION none
- FB.BC_NULL_INSTANCEOF none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- FORWARD_NULL bad_null_value_use
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO) |
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- GUARDED_BY_VIOLATION none
- INSECURE_COOKIE dotnet
- NON_STATIC_GUARDING_STATIC none
- PATH_MANIPULATION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_type_printf_arg
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_type_printf_arg
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- DC.DANGEROUS none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JSP_DYNAMIC_INCLUDE none
- NON_STATIC_GUARDING_STATIC none
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_type_printf_arg
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- INSECURE_COOKIE missing_httponly_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- PATH_MANIPULATION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV) |
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- FB.DM_EXIT none
- FB.REC_CATCH_EXCEPTION none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
|
|
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
| 745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG) |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.RU_INVOKE_RUN none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
|
|
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
|
|
|
|
|
|
|
| 746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR) |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- DC.DANGEROUS none
- EL_INJECTION none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DM_EXIT none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC) |
- BAD_EQ referential
- BAD_EQ_TYPES none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- EL_INJECTION none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- MOBILE_ID_MISUSE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_CONFUSION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNREACHABLE none
- UNSAFE_REFLECTION none
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- HARDCODED_CREDENTIALS secret_in_source_med
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- OVERFLOW_BEFORE_WIDEN none
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS) |
- GUARDED_BY_VIOLATION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- PRINTF_ARGS invalid_type_printf_arg
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- READLINK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIZECHECK no_null_terminator
- SLEEP none
- STRING_NULL none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- PRINTF_ARGS invalid_type_printf_arg
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- READLINK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIZECHECK no_null_terminator
- SLEEP none
- STRING_NULL none
|
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- DC.DANGEROUS none
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- PRINTF_ARGS invalid_type_printf_arg
- READLINK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIZECHECK no_null_terminator
- SLEEP none
- STRING_NULL none
|
|
|
|
|
|
|
|
| 749 Exposed Dangerous Method or Function |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_revocation_check
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 751 2009 Top 25 - Insecure Interaction Between Components |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- GUARDED_BY_VIOLATION none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- GUARDED_BY_VIOLATION none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HEADER_INJECTION none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- COOKIE_INJECTION none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- INSECURE_COMMUNICATION insecure_connection
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- INSECURE_COMMUNICATION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- CSRF database_update
- CSRF none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- COOKIE_INJECTION none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- INSECURE_COMMUNICATION insecure_connection
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 752 2009 Top 25 - Risky Resource Management |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- NOSQL_QUERY_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- NOSQL_QUERY_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- NO_EFFECT self_assign
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
|
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNRESTRICTED_DISPATCH none
- XPATH_INJECTION none
|
| 753 2009 Top 25 - Porous Defenses |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 754 Improper Check for Unusual or Exceptional Conditions |
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- ORM_LOAD_NULL_CHECK none
|
|
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
|
|
|
|
|
|
|
|
| 755 Improper Handling of Exceptional Conditions |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.REC_CATCH_EXCEPTION none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 756 Missing Custom Error Page |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
|
|
|
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
|
|
|
|
|
|
|
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
|
| 757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
|
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
|
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
|
|
|
|
|
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
|
|
|
|
|
|
|
|
| 759 Use of a One-Way Hash without a Salt |
- WEAK_PASSWORD_HASH weak_hash_no_salt
|
- WEAK_PASSWORD_HASH weak_hash_no_salt
|
- WEAK_PASSWORD_HASH weak_hash_no_salt
|
|
- WEAK_PASSWORD_HASH weak_hash_no_salt
|
|
- WEAK_PASSWORD_HASH weak_hash_no_salt
|
- WEAK_PASSWORD_HASH weak_hash_no_salt
|
|
|
|
|
|
|
- WEAK_PASSWORD_HASH weak_hash_no_salt
|
| 760 Use of a One-Way Hash with a Predictable Salt |
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
|
|
|
|
|
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 761 Free of Pointer not at Start of Buffer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 762 Mismatched Memory Management Routines |
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.BAD_FREE none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
|
|
|
|
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
|
|
|
|
|
|
|
|
| 763 Release of Invalid Pointer or Reference |
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.BAD_FREE none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
|
|
|
|
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
|
|
|
|
|
|
|
|
| 764 Multiple Locks of a Critical Resource |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 765 Multiple Unlocks of a Critical Resource |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 766 Critical Data Element Declared Public |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 767 Access to Critical Private Variable via Public Method |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 768 Incorrect Short Circuit Evaluation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 769 DEPRECATED: Uncontrolled File Descriptor Consumption |
|
- RESOURCE_LEAK fds_handles
|
- RESOURCE_LEAK fds_handles
|
|
|
|
|
- RESOURCE_LEAK fds_handles
|
|
|
|
|
|
|
|
| 770 Allocation of Resources Without Limits or Throttling |
|
- TAINTED_SCALAR allocation
|
- TAINTED_SCALAR allocation
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
|
|
- TAINTED_SCALAR allocation
|
|
|
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
|
|
| 771 Missing Reference to Active Allocated Resource |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 772 Missing Release of Resource after Effective Lifetime |
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
|
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
|
|
|
|
|
| 773 Missing Reference to Active File Descriptor or Handle |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 774 Allocation of File Descriptors or Handles Without Limits or Throttling |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 775 Missing Release of File Descriptor or Handle after Effective Lifetime |
|
- RESOURCE_LEAK fds_handles
|
- RESOURCE_LEAK fds_handles
|
|
|
|
|
- RESOURCE_LEAK fds_handles
|
|
|
|
|
|
|
|
| 776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 777 Regular Expression without Anchors |
|
|
|
|
|
|
|
|
|
|
- REGEX_MISSING_ANCHOR validation_regex_hi
|
|
|
|
|
| 778 Insufficient Logging |
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- INSUFFICIENT_LOGGING logging_obligation
|
|
|
|
|
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 779 Logging of Excessive Data |
|
|
|
|
|
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
|
|
|
|
|
|
|
|
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
|
|
| 780 Use of RSA Algorithm without OAEP |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 782 Exposed IOCTL with Insufficient Access Control |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 783 Operator Precedence Logic Error |
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
- BAD_COMPARE misuse_of_not
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- SIZEOF_MISMATCH missing_parentheses
|
- BAD_COMPARE misuse_of_not
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- SIZEOF_MISMATCH missing_parentheses
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
|
- BAD_COMPARE misuse_of_not
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- SIZEOF_MISMATCH missing_parentheses
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
|
- CONSTANT_EXPRESSION_RESULT missing_parentheses
|
|
| 784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 785 Use of Path Manipulation Function without Maximum-sized Buffer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 786 Access of Memory Location Before Start of Buffer |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
|
|
|
| 787 Out-of-bounds Write |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
|
|
|
| 788 Access of Memory Location After End of Buffer |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
|
|
|
|
|
|
|
|
| 789 Uncontrolled Memory Allocation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 790 Improper Filtering of Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 791 Incomplete Filtering of Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 792 Incomplete Filtering of One or More Instances of Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 793 Only Filtering One Instance of a Special Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 794 Incomplete Filtering of Multiple Instances of Special Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 795 Only Filtering Special Elements at a Specified Location |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 796 Only Filtering Special Elements Relative to a Marker |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 797 Only Filtering Special Elements at an Absolute Position |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 798 Use of Hard-coded Credentials |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS secret_in_source_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
| 799 Improper Control of Interaction Frequency |
|
|
|
|
|
|
|
|
|
|
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
|
|
|
|
|
| 800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XSS none
- XSS stored_xss
|
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF database_update
- CSRF none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- CONFIG.ATS_INSECURE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XSS none
- XSS stored_xss
|
| 801 2010 Top 25 - Insecure Interaction Between Components |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- GUARDED_BY_VIOLATION none
- NON_STATIC_GUARDING_STATIC none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XSS none
- XSS stored_xss
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_LOCK none
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- TOCTOU none
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_LOCK none
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- TOCTOU none
- UNCAUGHT_EXCEPT none
|
- GUARDED_BY_VIOLATION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- JSP_SQL_INJECTION none
- NON_STATIC_GUARDING_STATIC none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_LOCK none
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- TOCTOU none
- UNCAUGHT_EXCEPT none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF database_update
- CSRF none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XSS none
- XSS stored_xss
|
| 802 2010 Top 25 - Risky Resource Management |
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
|
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- PATH_MANIPULATION none
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- JSP_DYNAMIC_INCLUDE none
- ORM_LOAD_NULL_CHECK none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- PATH_MANIPULATION none
|
|
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
- OVERFLOW_BEFORE_WIDEN none
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- PATH_MANIPULATION none
|
|
| 803 2010 Top 25 - Porous Defenses |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 804 Guessable CAPTCHA |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 805 Buffer Access with Incorrect Length Value |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 806 Buffer Access Using Size of Source Buffer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 807 Reliance on Untrusted Inputs in a Security Decision |
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
|
|
|
|
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
|
| 808 2010 Top 25 - Weaknesses On the Cusp |
- CONFIG.CONNECTION_STRING_PASSWORD none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CHAR_IO none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SIGN_EXTENSION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- CHAR_IO none
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SIGN_EXTENSION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REVERSE_INULL none
- USE_AFTER_FREE none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- NULL_RETURNS none
- REVERSE_INULL none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
- CHAR_IO none
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SIGN_EXTENSION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- REVERSE_INULL none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- NULL_RETURNS none
- REVERSE_INULL none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- NULL_RETURNS none
- REVERSE_INULL none
|
| 809 Weaknesses in OWASP Top Ten (2010) |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- AUTOSAR C++14 A15-3-3 none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- AUTOSAR C++14 A15-3-3 none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 810 OWASP Top Ten 2010 Category A1 - Injection |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- HEADER_INJECTION none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- XML_INJECTION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
|
| 811 OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS) |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 812 OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 813 OWASP Top Ten 2010 Category A4 - Insecure Direct Object References |
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- PATH_MANIPULATION none
- SQLI none
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION none
|
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- JAVA_CODE_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- LOCALSTORAGE_MANIPULATION none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- PATH_MANIPULATION none
- SQLI none
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
|
- CUSTOM_KEYBOARD_DATA_LEAK none
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- LOCALSTORAGE_MANIPULATION none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 814 OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF) |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
|
|
|
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
|
|
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
|
- CSRF database_update
- CSRF none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
|
|
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
| 815 OWASP Top Ten 2010 Category A6 - Security Misconfiguration |
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- INSECURE_COOKIE dotnet
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- EXPOSED_PREFERENCES none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- INSECURE_COOKIE missing_httponly_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
|
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 816 OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 817 OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access |
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- IMPLICIT_INTENT none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- IMPLICIT_INTENT none
- MISSING_PERMISSION_FOR_BROADCAST none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 818 OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 819 OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards |
|
|
|
|
|
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
|
|
|
|
|
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- REVERSE_TABNABBING reverse_tabnabbing_low
|
|
|
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
|
|
| 820 Missing Synchronization |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
|
|
|
- GUARDED_BY_VIOLATION none
|
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
|
|
|
|
|
|
|
|
|
|
|
| 821 Incorrect Synchronization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 822 Untrusted Pointer Dereference |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 823 Use of Out-of-range Pointer Offset |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 824 Access of Uninitialized Pointer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 825 Expired Pointer Dereference |
|
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
|
|
| 826 Premature Release of Resource During Expected Lifetime |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 827 Improper Control of Document Type Definition |
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
|
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 828 Signal Handler with Functionality that is not Asynchronous-Safe |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 829 Inclusion of Functionality from Untrusted Control Sphere |
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- JAVA_CODE_INJECTION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- MISSING_IFRAME_SANDBOX none
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
- CUSTOM_KEYBOARD_DATA_LEAK none
|
- MISSING_IFRAME_SANDBOX none
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 830 Inclusion of Web Functionality from an Untrusted Source |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 831 Signal Handler Function Associated with Multiple Signals |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 832 Unlock of a Resource that is not Locked |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 833 Deadlock |
|
|
|
|
- DC.DEADLOCK none
- LOCK_INVERSION none
|
|
|
|
|
|
|
|
|
|
|
| 834 Excessive Iteration |
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- XML_EXTERNAL_ENTITY entity_expansion
|
- FB.IL_INFINITE_RECURSIVE_LOOP none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
|
|
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 835 Loop with Unreachable Exit Condition ('Infinite Loop') |
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
|
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
|
|
|
|
|
|
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
|
| 836 Use of Password Hash Instead of Password for Authentication |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 837 Improper Enforcement of a Single, Unique Action |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 838 Inappropriate Encoding for Output Context |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 839 Numeric Range Comparison Without Minimum Check |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 840 Business Logic Errors |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- HIBERNATE_BAD_HASHCODE bad_equals
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION unencrypted_connection
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- IMPLICIT_INTENT none
- MISSING_PERMISSION_FOR_BROADCAST none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 841 Improper Enforcement of Behavioral Workflow |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 842 Placement of User into Incorrect Group |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 843 Access of Resource Using Incompatible Type ('Type Confusion') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) |
- BAD_EQ referential
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC leak
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK no_null_terminator
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK no_null_terminator
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- ATOMICITY none
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK no_null_terminator
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XSS none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTIFIER_TYPO none
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- NO_EFFECT self_assign
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- REGEX_INJECTION none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CALL_SUPER none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS) |
- BAD_EQ referential
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EL_INJECTION none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_applied_globally
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_applied_globally
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL) |
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
|
|
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
| 847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP) |
|
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
|
|
|
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
|
|
|
|
|
|
|
|
| 848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM) |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- PW.DIVIDE_BY_ZERO none
- SIGN_EXTENSION none
- TAINTED_SCALAR divisor
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- PW.DIVIDE_BY_ZERO none
- SIGN_EXTENSION none
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
|
|
|
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- SIGN_EXTENSION none
- TAINTED_SCALAR divisor
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
|
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ) |
|
|
|
|
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.MS_CANNOT_BE_FINAL none
|
|
|
|
|
|
|
|
|
|
|
| 850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET) |
- CALL_SUPER none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BSTR.ALLOC double_free
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK double_lock
- LOCK lock_assert
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- ORM_LOAD_NULL_CHECK none
- SWAPPED_ARGUMENTS none
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
|
|
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- CALL_SUPER none
- SWAPPED_ARGUMENTS none
|
| 851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR) |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DM_EXIT none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA) |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
- ATOMICITY none
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.RU_INVOKE_RUN none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
|
|
|
|
|
|
|
| 853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK) |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
|
|
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
|
|
|
|
|
|
|
| 854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI) |
|
|
|
|
- FB.DM_EXIT none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
|
|
|
|
|
|
|
|
|
|
|
| 855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS) |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 856 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO) |
- INSECURE_COOKIE dotnet
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC leak
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- DISABLED_ENCRYPTION text_encryptor
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION unencrypted_connection
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- INSECURE_COOKIE missing_httponly_low
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- XML_EXTERNAL_ENTITY entity_expansion
|
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER) |
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- DISABLED_ENCRYPTION text_encryptor
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNSAFE_DESERIALIZATION none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- INSECURE_COMMUNICATION insecure_connection
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- INSECURE_COMMUNICATION insecure_connection
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
| 859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC) |
- INSECURE_COOKIE dotnet
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_NAMED_QUERY none
|
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- DISABLED_ENCRYPTION text_encryptor
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- JSP_DYNAMIC_INCLUDE none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- INSECURE_COMMUNICATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_REFLECTION none
|
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- INSECURE_COOKIE missing_httponly_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_NAMED_QUERY none
|
| 860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV) |
|
|
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- INSECURE_COOKIE missing_httponly_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC) |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LOCK_EVASION none
- NON_STATIC_GUARDING_STATIC none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CTOR_DTOR_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- DISABLED_ENCRYPTION text_encryptor
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- LOCK_EVASION none
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SINGLETON_RACE none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CTOR_DTOR_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LOCK_EVASION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 862 Missing Authorization |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 863 Incorrect Authorization |
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
|
|
|
|
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
|
|
|
|
|
|
|
|
|
|
|
| 864 2011 Top 25 - Insecure Interaction Between Components |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- OS_CMD_INJECTION none
- SQLI none
|
- OS_CMD_INJECTION none
- SQLI none
|
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- JAVA_CODE_INJECTION none
- JSP_SQL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- MISSING_IFRAME_SANDBOX none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- OS_CMD_INJECTION none
- SQLI none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF database_update
- CSRF none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- CUSTOM_KEYBOARD_DATA_LEAK none
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- MISSING_IFRAME_SANDBOX none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_TABNABBING react_target_blank
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
| 865 2011 Top 25 - Risky Resource Management |
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
|
- BAD_ALLOC_STRLEN none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- SECURE_CODING none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
- BAD_ALLOC_STRLEN none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- SECURE_CODING none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
|
- DC.DANGEROUS none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- JSP_DYNAMIC_INCLUDE none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
- BAD_ALLOC_STRLEN none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- SECURE_CODING none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
- OVERFLOW_BEFORE_WIDEN none
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
| 866 2011 Top 25 - Porous Defenses |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 867 2011 Top 25 - Weaknesses On the Cusp |
- CONFIG.CONNECTION_STRING_PASSWORD none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SIGN_EXTENSION none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SIGN_EXTENSION none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORM_LOAD_NULL_CHECK none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NULL_RETURNS none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SIGN_EXTENSION none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NULL_RETURNS none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- NULL_RETURNS none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version) |
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_THROW none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_type_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_type_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XSS none
|
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_type_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNREACHABLE none
- UNSAFE_REFLECTION none
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 869 CERT C++ Secure Coding Section 01 - Preprocessor (PRE) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 870 CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 871 CERT C++ Secure Coding Section 03 - Expressions (EXP) |
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- REVERSE_INULL none
|
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FB.BC_NULL_INSTANCEOF none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
|
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- REVERSE_INULL none
|
| 872 CERT C++ Secure Coding Section 04 - Integers (INT) |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- DC.DANGEROUS none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 873 CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP) |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- COM.BSTR.CONV none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS invalid_type_printf_arg
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS invalid_type_printf_arg
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS invalid_type_printf_arg
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
|
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 874 CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR) |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BRANCH_PAST_INITIALIZATION none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BRANCH_PAST_INITIALIZATION none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- SIZEOF_MISMATCH sizeof_punning
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
| 875 CERT C++ Secure Coding Section 07 - Characters and Strings (STR) |
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS invalid_type_printf_arg
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS invalid_type_printf_arg
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS invalid_type_printf_arg
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- SQLI sql_injection_dynamic_finder_med
|
|
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
| 876 CERT C++ Secure Coding Section 08 - Memory Management (MEM) |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_THROW none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- EL_INJECTION none
- FB.BC_NULL_INSTANCEOF none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_THROW none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- FORWARD_NULL bad_null_value_use
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- FORWARD_NULL bad_null_value_use
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- FORWARD_NULL bad_null_value_use
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 877 CERT C++ Secure Coding Section 09 - Input Output (FIO) |
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- GUARDED_BY_VIOLATION none
- INSECURE_COOKIE dotnet
- NON_STATIC_GUARDING_STATIC none
- PATH_MANIPULATION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNRESTRICTED_DISPATCH none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- DC.DANGEROUS none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JSP_DYNAMIC_INCLUDE none
- NON_STATIC_GUARDING_STATIC none
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNRESTRICTED_DISPATCH none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- INSECURE_COOKIE missing_httponly_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- PATH_MANIPULATION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNRESTRICTED_DISPATCH none
|
| 878 CERT C++ Secure Coding Section 10 - Environment (ENV) |
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- FB.DM_EXIT none
- FB.REC_CATCH_EXCEPTION none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
|
|
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
| 879 CERT C++ Secure Coding Section 11 - Signals (SIG) |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.RU_INVOKE_RUN none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
|
|
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
|
|
|
|
|
|
|
| 880 CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR) |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DM_EXIT none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 881 CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP) |
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CALL_SUPER clone
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TRUST_BOUNDARY_VIOLATION none
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 882 CERT C++ Secure Coding Section 14 - Concurrency (CON) |
- GUARDED_BY_VIOLATION none
- NON_STATIC_GUARDING_STATIC none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TOCTOU none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TOCTOU none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- GUARDED_BY_VIOLATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- NON_STATIC_GUARDING_STATIC none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- MISSING_LOCK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TOCTOU none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 883 CERT C++ Secure Coding Section 49 - Miscellaneous (MSC) |
- BAD_EQ referential
- BAD_EQ_TYPES none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- EL_INJECTION none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- MOBILE_ID_MISUSE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNREACHABLE none
- UNSAFE_REFLECTION none
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- HARDCODED_CREDENTIALS secret_in_source_med
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- OVERFLOW_BEFORE_WIDEN none
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 884 CWE Cross-section |
- BAD_EQ referential
- BAD_EQ_TYPES none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_CONFUSION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTIFIER_TYPO none
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CUSTOM_KEYBOARD_DATA_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 885 SFP Primary Cluster: Risky Values |
- BAD_EQ_TYPES none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIGN_EXTENSION none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR divisor
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIGN_EXTENSION none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR divisor
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- OVERFLOW_BEFORE_WIDEN none
- SWAPPED_ARGUMENTS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
|
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIGN_EXTENSION none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR divisor
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- IDENTIFIER_TYPO none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- IDENTIFIER_TYPO none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- IDENTIFIER_TYPO none
- SQLI sql_injection_dynamic_finder_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- OVERFLOW_BEFORE_WIDEN none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- SWAPPED_ARGUMENTS none
|
| 886 SFP Primary Cluster: Unused entities |
- BAD_EQ_TYPES none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
| 887 SFP Primary Cluster: API |
- CALL_SUPER none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BSTR.ALLOC double_free
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK double_lock
- LOCK lock_assert
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HTTP_VERB_TAMPERING none
- DC.DANGEROUS none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- INSECURE_HTTP_FIREWALL spring_security
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- ORM_LOAD_NULL_CHECK none
- SWAPPED_ARGUMENTS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
|
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- CALL_SUPER none
- SWAPPED_ARGUMENTS none
|
| 888 Software Fault Pattern (SFP) Clusters |
- ASPNET_MVC_VERSION_HEADER none
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HFA none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IMPLICIT_INTENT none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- PROPERTY_MIXUP none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- SYMFONY_EL_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CUSTOM_KEYBOARD_DATA_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CALL_SUPER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 889 SFP Primary Cluster: Exception Management |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_BREAK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_BREAK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- MISSING_BREAK none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISSING_BREAK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- MISSING_BREAK none
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 890 SFP Primary Cluster: Memory Access |
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- READLINK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- READLINK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FB.BC_NULL_INSTANCEOF none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- READLINK none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL bad_null_value_use
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- REVERSE_INULL none
|
| 891 SFP Primary Cluster: Memory Management |
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- USE_AFTER_FREE double_free
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- USE_AFTER_FREE double_free
|
|
|
|
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- USE_AFTER_FREE double_free
|
|
|
|
|
|
|
|
| 892 SFP Primary Cluster: Resource Management |
- ASPNET_MVC_VERSION_HEADER none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- DISTRUSTED_DATA_DESERIALIZATION none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_dynamic_finder_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LOCK_EVASION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 893 SFP Primary Cluster: Path Resolution |
- HEADER_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CHROOT none
- PATH_MANIPULATION none
- URL_MANIPULATION none
|
- CHROOT none
- PATH_MANIPULATION none
- URL_MANIPULATION none
|
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- HEADER_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- PATH_MANIPULATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CHROOT none
- PATH_MANIPULATION none
- URL_MANIPULATION none
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- PATH_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 894 SFP Primary Cluster: Synchronization |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
- ATOMICITY none
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.ESYNC_EMPTY_SYNC none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.RU_INVOKE_RUN none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
|
|
|
|
|
|
|
| 895 SFP Primary Cluster: Information Leak |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- LOG_INJECTION none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- MISRA C++-2008 Rule 15-3-2 none
- PATH_MANIPULATION none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- MISRA C++-2008 Rule 15-3-2 none
- PATH_MANIPULATION none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- ANDROID_DEBUG_MODE none
- CALL_SUPER clone
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- LOG_INJECTION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
|
|
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- LOG_INJECTION none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 896 SFP Primary Cluster: Tainted Input |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 897 SFP Primary Cluster: Entry Points |
|
|
|
|
- CALL_SUPER clone
- CALL_SUPER finalize
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
|
|
|
|
|
|
|
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
|
|
| 898 SFP Primary Cluster: Authentication |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 899 SFP Primary Cluster: Access Control |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- XSS none
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DISABLED_ENCRYPTION text_encryptor
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF database_update
- CSRF none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
| 901 SFP Primary Cluster: Privilege |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 902 SFP Primary Cluster: Channel |
- RISKY_CRYPTO ssl_protocol
- XSS none
- XSS stored_xss
|
- INCOMPATIBLE_CAST endianness
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- INCOMPATIBLE_CAST endianness
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- XSS none
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- INSECURE_HTTP_FIREWALL spring_security
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- INCOMPATIBLE_CAST endianness
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- RISKY_CRYPTO ssl_protocol
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- RISKY_CRYPTO ssl_protocol
- XSS none
- XSS stored_xss
|
| 903 SFP Primary Cluster: Cryptography |
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
|
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
|
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 904 SFP Primary Cluster: Malware |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 905 SFP Primary Cluster: Predictability |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS secret_in_source_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
| 906 SFP Primary Cluster: UI |
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- FB.REC_CATCH_EXCEPTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- INSUFFICIENT_LOGGING logging_obligation
|
|
|
|
|
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 907 SFP Primary Cluster: Other |
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HFA none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IMPLICIT_INTENT none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- SYMFONY_EL_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XSS none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- WEAK_BIOMETRIC_AUTH none
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CALL_SUPER none
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 908 Use of Uninitialized Resource |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 909 Missing Initialization of Resource |
|
- NO_EFFECT bad_memset_zero_size
|
- NO_EFFECT bad_memset_zero_size
|
|
|
|
|
- NO_EFFECT bad_memset_zero_size
|
|
|
|
|
|
|
|
| 910 Use of Expired File Descriptor |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 911 Improper Update of Reference Count |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 912 Hidden Functionality |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 913 Improper Control of Dynamically-Managed Code Resources |
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XPATH_INJECTION none
|
|
|
- DISTRUSTED_DATA_DESERIALIZATION none
- NOSQL_QUERY_INJECTION none
- TEMPLATE_INJECTION none
|
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNSAFE_DESERIALIZATION none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XPATH_INJECTION none
|
| 914 Improper Control of Dynamically-Identified Variables |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 915 Improperly Controlled Modification of Dynamically-Determined Object Attributes |
|
|
|
|
|
|
|
|
|
|
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
|
|
|
|
|
| 916 Use of Password Hash With Insufficient Computational Effort |
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
|
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
|
|
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 918 Server-Side Request Forgery (SSRF) |
|
|
|
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
|
|
|
|
|
|
|
|
| 919 Weaknesses in Mobile Applications |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 920 Improper Restriction of Power Consumption |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 921 Storage of Sensitive Data in a Mechanism without Access Control |
|
|
|
|
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
|
|
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
|
|
|
|
|
|
|
|
|
| 922 Insecure Storage of Sensitive Information |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
|
- LOCALSTORAGE_WRITE none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- HARDCODED_CREDENTIALS secret_in_source_med
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
|
- LOCALSTORAGE_WRITE none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
|
| 923 Improper Restriction of Communication Channel to Intended Endpoints |
- RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
- RISKY_CRYPTO ssl_protocol
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
- RISKY_CRYPTO ssl_protocol
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
|
|
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
|
| 924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 925 Improper Verification of Intent by Broadcast Receiver |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 926 Improper Export of Android Application Components |
|
|
|
|
- ANDROID_CAPABILITY_LEAK none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
|
|
- ANDROID_CAPABILITY_LEAK none
|
|
|
|
|
|
|
|
|
| 927 Use of Implicit Intent for Sensitive Communication |
|
|
|
|
- IMPLICIT_INTENT none
- MISSING_PERMISSION_FOR_BROADCAST none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
|
|
- IMPLICIT_INTENT none
- MISSING_PERMISSION_FOR_BROADCAST none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
|
|
|
|
|
|
|
|
|
| 928 Weaknesses in OWASP Top Ten (2013) |
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- AUTOSAR C++14 A15-3-3 none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- AUTOSAR C++14 A15-3-3 none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- READLINK none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 929 OWASP Top Ten 2013 Category A1 - Injection |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 931 OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS) |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References |
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- PATH_MANIPULATION none
- SQLI none
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- PATH_MANIPULATION none
- SQLI none
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION none
|
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 933 OWASP Top Ten 2013 Category A5 - Security Misconfiguration |
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XSS none
- XSS stored_xss
|
- AUTOSAR C++14 A15-3-3 none
- INCOMPATIBLE_CAST endianness
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUTOSAR C++14 A15-3-3 none
- INCOMPATIBLE_CAST endianness
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- XSS none
|
- ANDROID_DEBUG_MODE none
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DOM_XSS none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- ANDROID_DEBUG_MODE none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- INCOMPATIBLE_CAST endianness
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- XSS none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- XSS none
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DOM_XSS none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- XSS none
- XSS stored_xss
|
| 934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure |
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 936 OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF) |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
|
|
|
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
|
|
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
|
- CSRF database_update
- CSRF none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
|
|
|
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
| 937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities |
|
|
|
|
|
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
|
|
|
|
|
| 938 OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards |
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
|
|
|
|
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
|
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
|
|
|
|
|
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- REVERSE_TABNABBING reverse_tabnabbing_low
|
|
|
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
|
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
|
| 939 Improper Authorization in Handler for Custom URL Scheme |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 940 Improper Verification of Source of a Communication Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 941 Incorrectly Specified Destination in a Communication Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 942 Permissive Cross-domain Policy with Untrusted Domains |
|
|
|
|
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
|
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
|
|
|
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 943 Improper Neutralization of Special Elements in Data Query Logic |
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XPATH_INJECTION none
|
- SQLI none
- XPATH_INJECTION none
|
- SQLI none
- XPATH_INJECTION none
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XPATH_INJECTION none
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- XPATH_INJECTION none
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
|
|
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XPATH_INJECTION none
|
| 944 SFP Secondary Cluster: Access Management |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 945 SFP Secondary Cluster: Insecure Resource Access |
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- IMPLICIT_INTENT none
- INSECURE_HTTP_FIREWALL spring_security
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- IMPLICIT_INTENT none
- MISSING_PERMISSION_FOR_BROADCAST none
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
|
- MISSING_AUTHZ none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 946 SFP Secondary Cluster: Insecure Resource Permissions |
|
|
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- INSECURE_COOKIE missing_httponly_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 947 SFP Secondary Cluster: Authentication Bypass |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 948 SFP Secondary Cluster: Digital Certificate |
|
|
|
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
|
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
|
|
|
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
|
|
| 949 SFP Secondary Cluster: Faulty Endpoint Authentication |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
|
|
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MULTER_MISCONFIGURATION multer_custom_file_filter
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
|
- CSRF database_update
- CSRF none
|
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
|
|
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MULTER_MISCONFIGURATION multer_custom_file_filter
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
| 950 SFP Secondary Cluster: Hardcoded Sensitive Data |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
|
|
- HARDCODED_CREDENTIALS secret_in_source_med
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
|
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
|
| 951 SFP Secondary Cluster: Insecure Authentication Policy |
|
|
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT none
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
|
|
|
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
|
|
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
| 952 SFP Secondary Cluster: Missing Authentication |
|
|
|
|
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- MISSING_AUTHZ none
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- MISSING_AUTHZ none
|
|
|
|
|
|
|
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- MISSING_AUTHZ none
|
|
| 953 SFP Secondary Cluster: Missing Endpoint Authentication |
|
|
|
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
|
|
|
|
|
|
|
|
|
|
|
| 954 SFP Secondary Cluster: Multiple Binds to the Same Port |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 955 SFP Secondary Cluster: Unrestricted Authentication |
|
|
|
|
|
|
|
|
|
|
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
|
|
|
|
|
| 956 SFP Secondary Cluster: Channel Attack |
- RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- RISKY_CRYPTO ssl_protocol
|
| 957 SFP Secondary Cluster: Protocol Error |
|
- INCOMPATIBLE_CAST endianness
|
- INCOMPATIBLE_CAST endianness
|
|
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- INSECURE_HTTP_FIREWALL spring_security
- XSS none
- XSS stored_xss
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
- INCOMPATIBLE_CAST endianness
|
|
|
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 958 SFP Secondary Cluster: Broken Cryptography |
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
|
|
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
|
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 959 SFP Secondary Cluster: Weak Cryptography |
|
|
|
|
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- RISKY_CRYPTO hashing
|
|
|
|
|
|
|
|
|
|
|
| 960 SFP Secondary Cluster: Ambiguous Exception Type |
|
|
|
|
- FB.REC_CATCH_EXCEPTION none
|
|
|
|
|
|
|
|
|
|
|
| 961 SFP Secondary Cluster: Incorrect Exception Behavior |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 962 SFP Secondary Cluster: Unchecked Status Condition |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_BREAK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_BREAK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- MISSING_BREAK none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISSING_BREAK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- MISSING_BREAK none
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 963 SFP Secondary Cluster: Exposed Data |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- LOG_INJECTION none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- MISRA C++-2008 Rule 15-3-2 none
- PATH_MANIPULATION none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- MISRA C++-2008 Rule 15-3-2 none
- PATH_MANIPULATION none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- LOG_INJECTION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
|
|
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- LOG_INJECTION none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 964 SFP Secondary Cluster: Exposure Temporary File |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 965 SFP Secondary Cluster: Insecure Session Management |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 966 SFP Secondary Cluster: Other Exposures |
- INSECURE_COOKIE dotnet
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CALL_SUPER clone
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- TRUST_BOUNDARY_VIOLATION none
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- INSECURE_COOKIE cookie_missing_secure_flag_low
- UNSAFE_SESSION_SETTING secure_cookies_hi
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
| 967 SFP Secondary Cluster: State Disclosure |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 968 SFP Secondary Cluster: Covert Channel |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 969 SFP Secondary Cluster: Faulty Memory Release |
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- USE_AFTER_FREE double_free
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- USE_AFTER_FREE double_free
|
|
|
|
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- USE_AFTER_FREE double_free
|
|
|
|
|
|
|
|
| 970 SFP Secondary Cluster: Faulty Buffer Access |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
|
|
| 971 SFP Secondary Cluster: Faulty Pointer Use |
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FB.BC_NULL_INSTANCEOF none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- FORWARD_NULL bad_null_value_use
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- REVERSE_INULL none
|
| 972 SFP Secondary Cluster: Faulty String Expansion |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 973 SFP Secondary Cluster: Improper NULL Termination |
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
|
|
|
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- READLINK none
- SIZECHECK no_null_terminator
- STRING_NULL none
|
|
|
|
|
|
|
|
| 974 SFP Secondary Cluster: Incorrect Buffer Length Computation |
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- COM.BSTR.CONV none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
|
|
|
|
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
|
|
|
|
|
|
|
|
| 975 SFP Secondary Cluster: Architecture |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSUFFICIENT_LOGGING logging_obligation
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 976 SFP Secondary Cluster: Compiler |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 977 SFP Secondary Cluster: Design |
- BAD_EQ referential
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK_EVASION none
- LOCK_INVERSION none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- STRAY_SEMICOLON none
- UNKNOWN_LANGUAGE_INJECTION none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ATOMICITY none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST endianness
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISSING_BREAK none
- MISSING_LOCK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- ORDER_REVERSAL none
- OVERFLOW_BEFORE_WIDEN none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- STRAY_SEMICOLON none
- TAINTED_SCALAR divisor
- TOCTOU none
- UNCAUGHT_EXCEPT none
- XPATH_INJECTION none
|
- ATOMICITY none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST endianness
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISSING_BREAK none
- MISSING_LOCK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- ORDER_REVERSAL none
- OVERFLOW_BEFORE_WIDEN none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- STRAY_SEMICOLON none
- TAINTED_SCALAR divisor
- TOCTOU none
- UNCAUGHT_EXCEPT none
- XPATH_INJECTION none
|
- ATOMICITY none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- SLEEP none
- TEMPLATE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DEADLOCK none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DM_EXIT none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HIBERNATE_BAD_HASHCODE bad_equals
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- STRAY_SEMICOLON none
- UNKNOWN_LANGUAGE_INJECTION none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- STRAY_SEMICOLON none
- TEMPLATE_INJECTION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ATOMICITY none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST endianness
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISSING_BREAK none
- MISSING_LOCK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- ORDER_REVERSAL none
- OVERFLOW_BEFORE_WIDEN none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- STRAY_SEMICOLON none
- TAINTED_SCALAR divisor
- TOCTOU none
- UNCAUGHT_EXCEPT none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- STRAY_SEMICOLON none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- OVERFLOW_BEFORE_WIDEN none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- STRAY_SEMICOLON none
- TEMPLATE_INJECTION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY entity_expansion
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK_EVASION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 978 SFP Secondary Cluster: Implementation |
- BAD_EQ referential
- BAD_EQ_TYPES none
- CALL_SUPER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK_INVERSION none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HFA none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK double_lock
- LOCK lock_assert
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- XML_EXTERNAL_ENTITY entity_expansion
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_HTTP_FIREWALL spring_security
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- LOCK_INVERSION none
- MISSING_BREAK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- ORM_LOAD_NULL_CHECK none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISMATCHED_ITERATOR mismatched_comparison
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- PASS_BY_VALUE none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- STACK_USE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- NO_EFFECT none
- NO_EFFECT self_assign
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING session_secret_hi
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPLATE_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY entity_expansion
|
- CALL_SUPER none
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NULL_RETURNS none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 979 SFP Secondary Cluster: Failed Chroot Jail |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 980 SFP Secondary Cluster: Link in Resource Name Resolution |
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- OPEN_REDIRECT none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 981 SFP Secondary Cluster: Path Traversal |
- PATH_MANIPULATION none
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- JSP_DYNAMIC_INCLUDE none
- PATH_MANIPULATION none
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
- PATH_MANIPULATION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
- PATH_MANIPULATION none
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 982 SFP Secondary Cluster: Failure to Release Resource |
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 983 SFP Secondary Cluster: Faulty Resource Use |
|
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- USE_AFTER_FREE none
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
| 984 SFP Secondary Cluster: Life Cycle |
- ASPNET_MVC_VERSION_HEADER none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- DISTRUSTED_DATA_DESERIALIZATION none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SLEEP none
- SQLI none
- STACK_USE none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_dynamic_finder_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LOCK_EVASION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XPATH_INJECTION none
|
| 985 SFP Secondary Cluster: Unrestricted Consumption |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- STACK_USE none
- TAINTED_SCALAR allocation
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- STACK_USE none
- TAINTED_SCALAR allocation
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- FB.IL_INFINITE_RECURSIVE_LOOP none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- STACK_USE none
- TAINTED_SCALAR allocation
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 986 SFP Secondary Cluster: Missing Lock |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.RU_INVOKE_RUN none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
|
|
|
|
|
|
|
| 987 SFP Secondary Cluster: Multiple Locks/Unlocks |
|
|
|
|
- FB.ESYNC_EMPTY_SYNC none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
|
|
|
|
|
|
|
|
|
|
|
| 988 SFP Secondary Cluster: Race Condition Window |
- GUARDED_BY_VIOLATION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- MISSING_LOCK none
- TOCTOU none
|
- MISSING_LOCK none
- TOCTOU none
|
- GUARDED_BY_VIOLATION none
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- MISSING_LOCK none
- TOCTOU none
|
|
|
|
|
|
|
|
| 989 SFP Secondary Cluster: Unrestricted Lock |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 990 SFP Secondary Cluster: Tainted Input to Command |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- NEGATIVE_RETURNS critical_argument
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- NEGATIVE_RETURNS critical_argument
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_custom_file_filter
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- NEGATIVE_RETURNS critical_argument
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_custom_file_filter
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 991 SFP Secondary Cluster: Tainted Input to Environment |
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_NAMED_QUERY none
- XPATH_INJECTION none
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- XPATH_INJECTION none
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- XPATH_INJECTION none
|
- NOSQL_QUERY_INJECTION none
- TEMPLATE_INJECTION none
|
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- TEMPLATE_INJECTION none
|
|
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- XPATH_INJECTION none
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNSAFE_REFLECTION none
|
- NOSQL_QUERY_INJECTION none
- SCRIPT_CODE_INJECTION none
|
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- NOSQL_QUERY_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- TEMPLATE_INJECTION none
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- UNSAFE_NAMED_QUERY none
- XPATH_INJECTION none
|
| 992 SFP Secondary Cluster: Faulty Input Transformation |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 993 SFP Secondary Cluster: Incorrect Input Handling |
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
|
|
|
|
|
| 994 SFP Secondary Cluster: Tainted Input to Variable |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XSS none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 995 SFP Secondary Cluster: Feature |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 996 SFP Secondary Cluster: Security |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 997 SFP Secondary Cluster: Information Loss |
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- FB.REC_CATCH_EXCEPTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- INSUFFICIENT_LOGGING logging_obligation
|
|
|
|
|
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 998 SFP Secondary Cluster: Glitch in Computation |
- BAD_EQ_TYPES none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIGN_EXTENSION none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR divisor
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIGN_EXTENSION none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR divisor
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- OVERFLOW_BEFORE_WIDEN none
- SWAPPED_ARGUMENTS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
|
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SIGN_EXTENSION none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR divisor
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- IDENTIFIER_TYPO none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- IDENTIFIER_TYPO none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- IDENTIFIER_TYPO none
- SQLI sql_injection_dynamic_finder_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- OVERFLOW_BEFORE_WIDEN none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- SWAPPED_ARGUMENTS none
|
| 999 Weaknesses without Software Fault Patterns |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1000 Research Concepts |
- ASPNET_MVC_VERSION_HEADER none
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HFA none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IMPLICIT_INTENT none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- PROPERTY_MIXUP none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ASSIGN_NOT_RETURNING_STAR_THIS indirect
- ASSIGN_NOT_RETURNING_STAR_THIS none
- ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_OVERRIDE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_RETURN multiple_returns
- MISSING_RETURN none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SELF_ASSIGN none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- SYMFONY_EL_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CUSTOM_KEYBOARD_DATA_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CALL_SUPER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1001 SFP Secondary Cluster: Use of an Improper API |
- CALL_SUPER none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BSTR.ALLOC double_free
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK double_lock
- LOCK lock_assert
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HTTP_VERB_TAMPERING none
- DC.DANGEROUS none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- INSECURE_HTTP_FIREWALL spring_security
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- ORM_LOAD_NULL_CHECK none
- SWAPPED_ARGUMENTS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
|
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- CALL_SUPER none
- SWAPPED_ARGUMENTS none
|
| 1002 SFP Secondary Cluster: Unexpected Entry Points |
|
|
|
|
- CALL_SUPER clone
- CALL_SUPER finalize
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
|
|
|
|
|
|
|
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
|
|
| 1003 Weaknesses for Simplified Mapping of Published Vulnerabilities |
- ASPNET_MVC_VERSION_HEADER none
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_THROW none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FLOATING_POINT_EQUALITY none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- PW.* none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DC.DANGEROUS none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ESYNC_EMPTY_SYNC none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IMPLICIT_INTENT none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- PROPERTY_MIXUP none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT extra_high_bits
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT pointless_string_compare
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- ENUM_AS_BOOLEAN none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR mismatched_comparison
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MIXED_ENUMS inferred
- MIXED_ENUMS none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT array_null
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_deref
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT static_through_instance
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NO_EFFECT useless_continue
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PASS_BY_VALUE none
- PATH_MANIPULATION none
- PRINTF_ARGS invalid_printf_format_string
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH extra_sizeof
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH none
- SIZEOF_MISMATCH sizeof_punning
- SIZEOF_MISMATCH wrong_size_value
- SIZEOF_MISMATCH wrong_sizeof
- SLEEP none
- SQLI none
- STACK_USE none
- STRAY_SEMICOLON none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_AUTHZ none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- SYMFONY_EL_INJECTION none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF none
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT number_as_truth_value
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- COPY_PASTE_ERROR none
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT none
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PARSE_ERROR none
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COPY_PASTE_ERROR none
- CUSTOM_KEYBOARD_DATA_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- PW.* none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- UNEXPECTED_CONTROL_FLOW useless_defer
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT bit_and_with_zero
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT result_independent_of_operands
- CONSTANT_EXPRESSION_RESULT same_on_both_sides
- CONSTANT_EXPRESSION_RESULT typeof_misuse
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- COPY_PASTE_ERROR none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DEADCODE none
- DEADCODE redundant_test
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_BREAK none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- STRAY_SEMICOLON none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNREACHABLE none
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- COPY_PASTE_ERROR none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PROPERTY_MIXUP none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1004 Sensitive Cookie Without 'HttpOnly' Flag |
|
|
|
|
|
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- INSECURE_COOKIE missing_httponly_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
|
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 1005 7PK - Input Validation and Representation |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- COOKIE_INJECTION none
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1006 Bad Coding Practices |
- BAD_EQ_TYPES none
- CALL_SUPER none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- SWAPPED_ARGUMENTS none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USELESS_CALL none
|
- AUTOSAR C++14 M0-1-1 none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BSTR.ALLOC double_free
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_VOID none
- EVALUATION_ORDER none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISRA C++-2008 Rule 0-1-1 none
- MISRA C-2004 Rule 8.7 none
- MISSING_BREAK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USELESS_CALL none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- AUTOSAR C++14 M0-1-1 none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_VOID none
- EVALUATION_ORDER none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISRA C++-2008 Rule 0-1-1 none
- MISRA C-2004 Rule 8.7 none
- MISSING_BREAK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USELESS_CALL none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- LOCK double_lock
- LOCK lock_assert
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- DC.DANGEROUS none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE none
- FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
- FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
- FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
- FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
- FB.DLS_OVERWRITTEN_INCREMENT none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.ESYNC_EMPTY_SYNC none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.NP_SYNC_AND_NULL_CHECK_FIELD none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_BREAK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- ORM_LOAD_NULL_CHECK none
- SWAPPED_ARGUMENTS none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USELESS_CALL none
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- DEADCODE none
- DEADCODE redundant_test
- EXPLICIT_THIS_EXPECTED none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_VOID none
- EVALUATION_ORDER none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_BREAK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SECURE_CODING none
- SWAPPED_ARGUMENTS none
- UNREACHABLE none
- UNUSED_VALUE adjacent
- UNUSED_VALUE none
- USELESS_CALL none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- UNREACHABLE none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- DEADCODE none
- DEADCODE redundant_test
- EXPLICIT_THIS_EXPECTED none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- IDENTIFIER_TYPO none
- MISSING_BREAK none
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
- UNREACHABLE none
|
- CALL_SUPER none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- SWAPPED_ARGUMENTS none
- UNREACHABLE none
|
| 1007 Insufficient Visual Distinction of Homoglyphs Presented to User |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1008 Architectural Concepts |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_THROW none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK socket
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- DISTRUSTED_DATA_DESERIALIZATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSUFFICIENT_LOGGING logging_obligation
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_INJECTION none
- RESOURCE_LEAK socket
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF database_update
- CSRF none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_custom_file_filter
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK socket
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1009 Audit |
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- INSUFFICIENT_LOGGING logging_obligation
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSUFFICIENT_LOGGING logging_obligation
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSUFFICIENT_LOGGING logging_obligation
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 1010 Authenticate Actors |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_SALT hardcoded
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 1011 Authorize Actors |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISRA C++-2008 Rule 15-3-2 none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- MISRA C++-2008 Rule 15-3-2 none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- EXPOSED_PREFERENCES none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- CHROOT none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- TAINTED_SCALAR allocation
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DNS_PREFETCHING helmet_dns_prefetching
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- PATH_MANIPULATION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- RESOURCE_LEAK socket
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 1012 Cross Cutting |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
| 1013 Encrypt Data |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DISABLED_ENCRYPTION text_encryptor
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- LOCALSTORAGE_WRITE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- LOCALSTORAGE_WRITE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 1014 Identify Actors |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
|
|
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MULTER_MISCONFIGURATION multer_custom_file_filter
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- URL_MANIPULATION none
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
|
- CSRF database_update
- CSRF none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
- MULTER_MISCONFIGURATION multer_custom_file_filter
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- URL_MANIPULATION none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
|
| 1015 Limit Access |
- HEADER_INJECTION none
- OPEN_REDIRECT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUTOSAR C++14 A15-3-3 none
- CHROOT none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
|
- AUTOSAR C++14 A15-3-3 none
- CHROOT none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
|
- OPEN_REDIRECT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- OPEN_REDIRECT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_DISPATCH none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CHROOT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- XML_EXTERNAL_ENTITY external_entities
|
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- XML_EXTERNAL_ENTITY external_entities
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OPEN_REDIRECT none
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
|
- HEADER_INJECTION none
- OPEN_REDIRECT none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNRESTRICTED_DISPATCH none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 1016 Limit Exposure |
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- JAVA_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- MISSING_IFRAME_SANDBOX none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
|
|
- CUSTOM_KEYBOARD_DATA_LEAK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- MISSING_IFRAME_SANDBOX none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 1017 Lock Computer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1018 Manage User Sessions |
|
|
|
|
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- SESSION_FIXATION none
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
|
|
|
|
|
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
| 1019 Validate Inputs |
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- COOKIE_INJECTION none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XSS none
|
- CSRF database_update
- CSRF none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XSS none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- COOKIE_INJECTION none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION url_substring
- XSS none
|
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1020 Verify Message Integrity |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_THROW none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- AUTOSAR C++14 A15-3-3 none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- AUTOSAR C++14 A15-3-3 none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XSS none
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- EL_INJECTION none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.REC_CATCH_EXCEPTION none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_THROW none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1021 Improper Restriction of Rendered UI Layers or Frames |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1022 Use of Web Link to Untrusted Target with window.opener Access |
|
|
|
|
|
- REVERSE_TABNABBING react_target_blank
|
|
|
|
|
|
|
|
- REVERSE_TABNABBING react_target_blank
|
|
| 1023 Incomplete Comparison with Missing Factors |
|
|
|
|
- HIBERNATE_BAD_HASHCODE bad_equals
|
|
|
|
|
|
|
|
|
|
|
| 1024 Comparison of Incompatible Types |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1025 Comparison Using Wrong Factors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1026 Weaknesses in OWASP Top Ten (2017) |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNSAFE_DESERIALIZATION none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- MISRA C++-2008 Rule 15-3-2 none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSUFFICIENT_LOGGING logging_obligation
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION android
- CONFIG.ANDROID_UNSAFE_MINSDKVERSION android
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DOM_XSS none
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION android
- CONFIG.ANDROID_UNSAFE_MINSDKVERSION android
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DOM_XSS none
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_AUTHZ none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNSAFE_DESERIALIZATION none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1027 OWASP Top Ten 2017 Category A1 - Injection |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_INJECTION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- SQLI none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- EL_INJECTION none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_JNI none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_INJECTION none
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SQLI none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_REFLECTION none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_EXPRESSION_INJECTION none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_INJECTION none
- XPATH_INJECTION none
|
| 1028 OWASP Top Ten 2017 Category A2 - Broken Authentication |
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_DYNAMIC_INCLUDE none
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- REVERSE_TABNABBING react_target_blank
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COOKIE dotnet
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- DISABLED_ENCRYPTION text_encryptor
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- INSECURE_COMMUNICATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY external_entities
|
|
|
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 1031 OWASP Top Ten 2017 Category A5 - Broken Access Control |
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- MISSING_AUTHZ none
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- ANDROID_CAPABILITY_LEAK none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration |
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.ASP_VIEWSTATE_MAC none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AUTOSAR C++14 A15-3-3 none
- MISRA C++-2008 Rule 15-3-2 none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION android
- CONFIG.DUPLICATE_SERVLET_DEFINITION none
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION android
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_transmission
|
| 1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) |
|
|
|
|
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- UNESCAPED_HTML unescaped_output_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- DOM_XSS none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
|
| 1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization |
- UNSAFE_DESERIALIZATION none
|
|
|
- DISTRUSTED_DATA_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
|
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
|
|
|
- UNSAFE_DESERIALIZATION none
|
- UNSAFE_DESERIALIZATION none
|
| 1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities |
|
|
|
|
- CONFIG.ANDROID_UNSAFE_MINSDKVERSION android
|
|
- CONFIG.ANDROID_UNSAFE_MINSDKVERSION android
|
|
|
|
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
|
|
|
|
|
| 1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring |
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- INSUFFICIENT_LOGGING logging_obligation
|
|
|
|
|
|
|
|
- INSUFFICIENT_LOGGING logging_obligation
|
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 1037 Processor Optimization Removal or Modification of Security-critical Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1038 Insecure Automated Optimizations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1040 Quality Weaknesses with Indirect Security Impacts |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1041 Use of Redundant Code |
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
| 1042 Static Member Data Element outside of a Singleton Class Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1043 Data Element Aggregating an Excessively Large Number of Non-Primitive Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1044 Architecture with Number of Horizontal Layers Outside of Expected Range |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1045 Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor |
|
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
|
|
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
|
|
|
|
|
| 1046 Creation of Immutable Text Using String Concatenation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1047 Modules with Circular Dependencies |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1048 Invokable Control Element with Large Number of Outward Calls |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1049 Excessive Data Query Operations in a Large Data Table |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1050 Excessive Platform Resource Consumption within a Loop |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1051 Initialization with Hard-Coded Network Resource Configuration Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1052 Excessive Use of Hard-Coded Literals in Initialization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1053 Missing Documentation for Design |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1054 Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1055 Multiple Inheritance from Concrete Classes |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1056 Invokable Control Element with Variadic Parameters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1057 Data Access Operations Outside of Expected Data Manager Component |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1059 Incomplete Documentation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1060 Excessive Number of Inefficient Server-Side Data Accesses |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1061 Insufficient Encapsulation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1062 Parent Class with References to Child Class |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1063 Creation of Class Instance within a Static Code Block |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1065 Runtime Resource Management Control Element in a Component Built to Run on Application Servers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1066 Missing Serialization Control Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1067 Excessive Execution of Sequential Searches of Data Resource |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1068 Inconsistency Between Implementation and Documented Design |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1069 Empty Exception Block |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1070 Serializable Data Element Containing non-Serializable Item Elements |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1071 Empty Code Block |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1072 Data Resource Access without Use of Connection Pooling |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1074 Class with Excessively Deep Inheritance |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1075 Unconditional Control Flow Transfer outside of Switch Block |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1076 Insufficient Adherence to Expected Conventions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1077 Floating Point Comparison with Incorrect Operator |
|
- FLOATING_POINT_EQUALITY none
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1078 Inappropriate Source Code Style or Formatting |
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
| 1079 Parent Class without Virtual Destructor Method |
|
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
|
|
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
|
|
|
|
|
| 1080 Source Code File with Excessive Number of Lines of Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1082 Class Instance Self Destruction Control Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1083 Data Access from Outside Expected Data Manager Component |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1084 Invokable Control Element with Excessive File or Data Access Operations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1085 Invokable Control Element with Excessive Volume of Commented-out Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1086 Class with Excessive Number of Child Classes |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1087 Class with Virtual Method without a Virtual Destructor |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1088 Synchronous Access of Remote Resource without Timeout |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1089 Large Data Table with Excessive Number of Indices |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1090 Method Containing Access of a Member Element from Another Class |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1091 Use of Object without Invoking Destructor Method |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1092 Use of Same Invokable Control Element in Multiple Architectural Layers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1093 Excessively Complex Data Representation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1094 Excessive Index Range Scan for a Data Resource |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1095 Loop Condition Value Update within the Loop |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1096 Singleton Class Instance Creation without Proper Locking or Synchronization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1097 Persistent Storable Data Element without Associated Comparison Control Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1098 Data Element containing Pointer Item without Proper Copy Control Element |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1099 Inconsistent Naming Conventions for Identifiers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1100 Insufficient Isolation of System-Dependent Functions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1101 Reliance on Runtime Component in Generated Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1102 Reliance on Machine-Dependent Data Representation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1103 Use of Platform-Dependent Third Party Components |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1104 Use of Unmaintained Third Party Components |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1105 Insufficient Encapsulation of Machine-Dependent Functionality |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1106 Insufficient Use of Symbolic Constants |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1107 Insufficient Isolation of Symbolic Constant Definitions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1108 Excessive Reliance on Global Variables |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1109 Use of Same Variable for Multiple Purposes |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1110 Incomplete Design Documentation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1111 Incomplete I/O Documentation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1112 Incomplete Documentation of Program Execution |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1113 Inappropriate Comment Style |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1114 Inappropriate Whitespace Style |
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
- NESTING_INDENT_MISMATCH bad_indentation
- NESTING_INDENT_MISMATCH none
|
|
| 1115 Source Code Element without Standard Prologue |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1116 Inaccurate Comments |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1117 Callable with Insufficient Behavioral Summary |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1118 Insufficient Documentation of Error Handling Techniques |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1119 Excessive Use of Unconditional Branching |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1120 Excessive Code Complexity |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1121 Excessive McCabe Cyclomatic Complexity |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1122 Excessive Halstead Complexity |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1123 Excessive Use of Self-Modifying Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1124 Excessively Deep Nesting |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1125 Excessive Attack Surface |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1126 Declaration of Variable with Unnecessarily Wide Scope |
|
- MISRA C-2004 Rule 8.7 none
|
- MISRA C-2004 Rule 8.7 none
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1127 Compilation with Insufficient Warnings or Errors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1128 CISQ Quality Measures (2016) |
- BAD_EQ_TYPES none
- CONFIG.CONNECTION_STRING_PASSWORD none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK_INVERSION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNREACHABLE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FLOATING_POINT_EQUALITY none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNREACHABLE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNREACHABLE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LOCK_INVERSION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNREACHABLE none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNREACHABLE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- XSS none
|
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- XSS none
|
- DEADCODE none
- DEADCODE redundant_test
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNREACHABLE none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNREACHABLE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XSS none
- XSS stored_xss
|
| 1129 CISQ Quality Measures - Reliability |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- FLOATING_POINT_EQUALITY none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- RESOURCE_LEAK fds_handles
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- RESOURCE_LEAK fds_handles
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- XML_EXTERNAL_ENTITY entity_expansion
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IL_INFINITE_RECURSIVE_LOOP none
- FB.REC_CATCH_EXCEPTION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- RESOURCE_LEAK fds_handles
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
|
|
- SQLI sql_injection_dynamic_finder_med
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 1130 CISQ Quality Measures - Maintainability |
- BAD_EQ_TYPES none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
| 1131 CISQ Quality Measures - Security |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK_INVERSION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
- XSS none
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- DC.DEADLOCK none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LOCK_INVERSION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RESOURCE_LEAK fds_handles
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DOM_XSS none
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSECURE_SALT hardcoded
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XSS none
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XSS none
- XSS stored_xss
|
| 1132 CISQ Quality Measures - Performance |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1133 Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java |
- BAD_EQ referential
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNSAFE_DESERIALIZATION none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC leak
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- ATOMICITY none
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RU_INVOKE_RUN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MISSING_THROW none
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_trust_manager
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ATOMICITY none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- LOCK missing_unlock
- LOCK none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- REVERSE_INULL none
- REVERSE_NEGATIVE none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TOCTOU none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE double_free
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XPATH_INJECTION none
|
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- XSS none
|
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTIFIER_TYPO none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTIFIER_TYPO none
- INSECURE_COOKIE cookie_missing_secure_flag_low
- INSECURE_COOKIE missing_httponly_low
- NO_EFFECT self_assign
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ATS_INSECURE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CALL_SUPER none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- NULL_RETURNS none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNSAFE_DESERIALIZATION none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS) |
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNKNOWN_LANGUAGE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- EL_INJECTION none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_applied_globally
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- READLINK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- URL_MANIPULATION none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- CSS_INJECTION none
- DOM_XSS none
- HEADER_INJECTION none
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_applied_globally
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL) |
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- PW.BRANCH_PAST_INITIALIZATION none
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT self_assign
- TAINTED_SCALAR allocation
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
|
|
|
|
|
|
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
|
|
| 1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP) |
- BAD_EQ referential
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- FB.BC_NULL_INSTANCEOF none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
|
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- FORWARD_NULL bad_null_value_use
- NULL_RETURNS none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- REVERSE_INULL none
|
| 1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM) |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- COM.BSTR.CONV none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
|
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 1138 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1139 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ) |
|
|
|
|
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.MS_CANNOT_BE_FINAL none
|
|
|
|
|
|
|
|
|
|
|
| 1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET) |
- BAD_EQ referential
- CALL_SUPER none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- SWAPPED_ARGUMENTS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BSTR.ALLOC double_free
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK double_lock
- LOCK lock_assert
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- ORM_LOAD_NULL_CHECK none
- REGEX_CONFUSION none
- SWAPPED_ARGUMENTS none
|
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK lock_assert
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SWAPPED_ARGUMENTS none
- USE_AFTER_FREE double_free
- VARARGS none
|
|
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- IDENTIFIER_TYPO none
- REGEX_MISSING_ANCHOR validation_regex_hi
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
|
- CALL_SUPER none
- SWAPPED_ARGUMENTS none
|
| 1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR) |
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- MISSING_THROW none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- AUTOSAR C++14 A15-3-3 none
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- MISRA C++-2008 Rule 15-3-2 none
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DM_EXIT none
- FB.REC_CATCH_EXCEPTION none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- MISSING_THROW none
- ORM_LOAD_NULL_CHECK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NEGATIVE_RETURNS none
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
|
|
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA) |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
- ATOMICITY none
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.RU_INVOKE_RUN none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
|
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
- TOCTOU none
|
|
|
|
|
|
|
|
| 1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK) |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
|
|
|
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
|
|
|
|
|
|
|
| 1144 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS) |
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
|
- XML_EXTERNAL_ENTITY entity_expansion
|
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 1146 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO) |
- BAD_EQ referential
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- NO_EFFECT incomplete_delete
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- XPATH_INJECTION none
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- NO_EFFECT incomplete_delete
- OS_CMD_INJECTION none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- FB.DM_EXIT none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.REC_CATCH_EXCEPTION none
- FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
- FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
- FB.RE_POSSIBLE_UNINTENDED_PATTERN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- HEADER_INJECTION none
- HIBERNATE_BAD_HASHCODE bad_equals
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- REGEX_CONFUSION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HEADER_INJECTION none
- NO_EFFECT incomplete_delete
- OS_CMD_INJECTION none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK no_null_terminator
- SQLI none
- STRING_NULL none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- XPATH_INJECTION none
|
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- XSS none
|
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- XSS none
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- INSECURE_COOKIE missing_httponly_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- REGEX_MISSING_ANCHOR validation_regex_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_SESSION_SETTING http_cookies_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
|
- REGEX_INJECTION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NOSQL_QUERY_INJECTION none
- OS_CMD_INJECTION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- XML_EXTERNAL_ENTITY entity_expansion
- XSS none
|
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER) |
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- DISABLED_ENCRYPTION text_encryptor
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNSAFE_DESERIALIZATION none
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- INSECURE_COMMUNICATION insecure_connection
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- INSECURE_COMMUNICATION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
|
|
- CONFIG.ATS_INSECURE none
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- INSECURE_COMMUNICATION insecure_connection
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNSAFE_DESERIALIZATION none
|
| 1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC) |
|
|
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- INSECURE_COOKIE missing_httponly_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV) |
|
|
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
|
|
|
- INSECURE_COOKIE missing_httponly_low
- UNSAFE_SESSION_SETTING http_cookies_hi
|
|
|
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 1151 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC) |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- CTOR_DTOR_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DISABLED_ENCRYPTION text_encryptor
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_COOKIE java
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- CTOR_DTOR_LEAK none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK fds_handles
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- STACK_USE none
- TAINTED_SCALAR allocation
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE cookie_missing_secure_flag_low
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING secure_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- CONFIG.ATS_INSECURE none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
|
- AWS_SSL_DISABLED aws_ssl_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1154 Weaknesses Addressed by the SEI CERT C Coding Standard |
- ASPNET_MVC_VERSION_HEADER none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HTTP_VERB_TAMPERING none
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DANGEROUS none
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_DOH none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.FI_USELESS none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MISSING_PERMISSION_FOR_BROADCAST none
- MOBILE_ID_MISUSE none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS critical_argument
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_ARGS none
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VARARGS none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTIFIER_TYPO none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTIFIER_TYPO none
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CUSTOM_KEYBOARD_DATA_LEAK none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPLICIT_THIS_EXPECTED none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- IDENTIFIER_TYPO none
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSECURE_SALT hardcoded
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CALL_SUPER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- SWAPPED_ARGUMENTS none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL) |
|
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
|
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
|
|
|
|
|
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
|
|
|
|
|
|
|
|
| 1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) |
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SWAPPED_ARGUMENTS none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DELETE_VOID none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- REVERSE_INULL none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DELETE_VOID none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- REVERSE_INULL none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SWAPPED_ARGUMENTS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- EXPLICIT_THIS_EXPECTED none
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- NULL_RETURNS none
- REVERSE_INULL none
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_COMPARE none
- BAD_COMPARE string_lit_comparison
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DELETE_VOID none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS critical_argument
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- REVERSE_INULL none
- REVERSE_NEGATIVE critical_argument
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- SWAPPED_ARGUMENTS none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- REVERSE_INULL none
- SQLI sql_injection_dynamic_finder_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- EXPLICIT_THIS_EXPECTED none
- FORWARD_NULL bad_null_value_use
- IDENTIFIER_TYPO none
- NULL_RETURNS none
- REVERSE_INULL none
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- NULL_RETURNS none
- REVERSE_INULL none
- SWAPPED_ARGUMENTS none
|
| 1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT) |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- COM.BSTR.CONV none
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- SQLI sql_injection_dynamic_finder_med
|
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) |
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- COM.BSTR.CONV none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.SHIFT_COUNT_TOO_LARGE none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- OVERFLOW_BEFORE_WIDEN none
|
|
|
- BAD_ALLOC_STRLEN none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CHAR_IO none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- NO_EFFECT bad_memset_truncated_fill
- OVERFLOW_BEFORE_WIDEN none
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- TAINTED_SCALAR divisor
|
|
|
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
|
- OVERFLOW_BEFORE_WIDEN none
|
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
|
| 1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR) |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SIZECHECK likely_overflow
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
|
|
|
|
|
| 1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR) |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.BAD_CAST none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
- DC.DANGEROUS none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT bad_memset_truncated_fill
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- READLINK none
- REVERSE_NEGATIVE critical_argument
- SECURE_CODING none
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
|
|
- SQLI sql_injection_dynamic_finder_med
|
|
|
|
|
| 1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM) |
- OVERFLOW_BEFORE_WIDEN none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT incomplete_delete
- OVERFLOW_BEFORE_WIDEN none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ALLOC_FREE_MISMATCH none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT incomplete_delete
- OVERFLOW_BEFORE_WIDEN none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- OVERFLOW_BEFORE_WIDEN none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- USE_AFTER_FREE none
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_ALLOC_STRLEN none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NO_EFFECT incomplete_delete
- OVERFLOW_BEFORE_WIDEN none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
|
- OVERFLOW_BEFORE_WIDEN none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) |
- ASPNET_MVC_VERSION_HEADER none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHROOT none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO ssl_protocol
- SECURE_TEMP none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- DISTRUSTED_DATA_DESERIALIZATION none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER clone
- CALL_SUPER finalize
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- DC.DEADLOCK none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EI_EXPOSE_REP none
- FB.EI_EXPOSE_REP2 none
- FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.MS_CANNOT_BE_FINAL none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_PERMISSION_FOR_BROADCAST none
- MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
- NON_STATIC_GUARDING_STATIC none
- NOSQL_QUERY_INJECTION none
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SESSION_FIXATION none
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TRUST_BOUNDARY_VIOLATION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_CAPABILITY_LEAK none
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IMPLICIT_INTENT none
- INSECURE_COMMUNICATION none
- MISSING_PERMISSION_FOR_BROADCAST none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHROOT none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT incomplete_delete
- NO_EFFECT self_assign
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- RISKY_CRYPTO ssl_protocol
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIGN_EXTENSION none
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SLEEP none
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
- DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
- DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- NO_EFFECT self_assign
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SESSION_MANIPULATION session_key_manipulation_hi
- SESSION_MANIPULATION session_key_manipulation_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- CUSTOM_KEYBOARD_DATA_LEAK none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_http_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- LOCALSTORAGE_WRITE none
- MISSING_AUTHZ none
- MISSING_IFRAME_SANDBOX none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NO_EFFECT self_assign
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_TABNABBING react_target_blank
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNRESTRICTED_MESSAGE_TARGET none
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOG_INJECTION none
- MISSING_AUTHZ none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- RISKY_CRYPTO ssl_protocol
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY entity_expansion
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1164 Irrelevant Code |
- CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
- CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
- USELESS_CALL none
|
- AUTOSAR C++14 M0-1-1 none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- MISRA C++-2008 Rule 0-1-1 none
- UNREACHABLE none
- USELESS_CALL none
|
- AUTOSAR C++14 M0-1-1 none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- MISRA C++-2008 Rule 0-1-1 none
- UNREACHABLE none
- USELESS_CALL none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
- USELESS_CALL none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
- USELESS_CALL none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
|
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- UNREACHABLE none
|
| 1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV) |
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SECURE_CODING none
- UNCAUGHT_EXCEPT none
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SECURE_CODING none
- UNCAUGHT_EXCEPT none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- DC.DANGEROUS none
- FB.DM_EXIT none
- FB.REC_CATCH_EXCEPTION none
- HEADER_INJECTION none
- MISSING_HEADER_VALIDATION missing_header_validation
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- SECURE_CODING none
- UNCAUGHT_EXCEPT none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
|
|
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
|
|
|
- HEADER_INJECTION none
- OS_CMD_INJECTION none
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
|
- HEADER_INJECTION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
|
| 1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) |
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- GUARDED_BY_VIOLATION none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
- ATOMICITY none
- GUARDED_BY_VIOLATION none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- ATOMICITY none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.RU_INVOKE_RUN none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
|
|
|
- ATOMICITY none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SLEEP none
|
|
|
|
|
|
|
|
| 1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR) |
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- NO_EFFECT bad_memset_zero_size
- SECURE_CODING none
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- NO_EFFECT bad_memset_zero_size
- SECURE_CODING none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- DC.DANGEROUS none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- ORM_LOAD_NULL_CHECK none
|
|
|
- BAD_COMPARE comparator_misuse
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- INCOMPATIBLE_CAST endianness
- NO_EFFECT bad_memset_zero_size
- SECURE_CODING none
|
|
|
|
|
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
|
|
| 1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) |
- CONFIG.CONNECTION_STRING_PASSWORD none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SECURE_CODING none
- SECURE_TEMP none
- SLEEP none
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SECURE_CODING none
- SECURE_TEMP none
- SLEEP none
|
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- DC.DANGEROUS none
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.IS2_INCONSISTENT_SYNC none
- FB.IS_FIELD_NOT_GUARDED none
- FB.IS_INCONSISTENT_SYNC none
- FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
- FB.STCAL_STATIC_CALENDAR_INSTANCE none
- FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- LOCK_INVERSION none
- MOBILE_ID_MISUSE none
- NON_STATIC_GUARDING_STATIC none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- VOLATILE_ATOMICITY compare
- VOLATILE_ATOMICITY none
- VOLATILE_ATOMICITY semantic
- VOLATILE_ATOMICITY threshold
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISSING_LOCK none
- ORDER_REVERSAL none
- SECURE_CODING none
- SLEEP none
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS secret_in_source_med
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
| 1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC) |
- CONFIG.CONNECTION_STRING_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST endianness
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INCOMPATIBLE_CAST endianness
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- DC.DANGEROUS none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- MOBILE_ID_MISUSE none
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- DELETE_VOID none
- EVALUATION_ORDER none
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INCOMPATIBLE_CAST endianness
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SECURE_CODING none
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
|
- HARDCODED_CREDENTIALS secret_in_source_med
- RAILS_DEVISE_CONFIG devise_encryptor_hi
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- WEAK_PASSWORD_HASH weak_hash_digest_hi
- WEAK_PASSWORD_HASH weak_hash_digest_med
- WEAK_PASSWORD_HASH weak_hash_hmac_med
|
|
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
|
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- INSECURE_SALT hardcoded
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO insecure_cipher
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- SA.RISKY_CRYPTO ssl_protocol
|
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- RISKY_CRYPTO custom
- RISKY_CRYPTO hashing
- RISKY_CRYPTO none
- RISKY_CRYPTO ssl_protocol
- WEAK_PASSWORD_HASH weak_hash
- WEAK_PASSWORD_HASH weak_hash_no_salt
- WEAK_PASSWORD_HASH weak_hash_weak_salt
- WEAK_PASSWORD_HASH weak_salt
|
| 1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) |
|
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- ORDER_REVERSAL none
- READLINK none
- SIZECHECK no_null_terminator
- SLEEP none
- STRING_NULL none
|
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- ORDER_REVERSAL none
- READLINK none
- SIZECHECK no_null_terminator
- SLEEP none
- STRING_NULL none
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- SLEEP none
|
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- DC.DANGEROUS none
- DC.DEADLOCK none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- LOCK_INVERSION none
- ORM_LOAD_NULL_CHECK none
|
|
|
- BAD_COMPARE comparator_misuse
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- ORDER_REVERSAL none
- READLINK none
- SIZECHECK no_null_terminator
- SLEEP none
- STRING_NULL none
|
|
|
|
|
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
|
|
| 1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN) |
- CALL_SUPER none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- SWAPPED_ARGUMENTS none
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- PW.BAD_PRINTF_FORMAT_STRING none
- PW.TOO_FEW_PRINTF_ARGS none
- PW.TOO_MANY_PRINTF_ARGS none
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- LOCK double_lock
|
- ATTRIBUTE_NAME_CONFLICT jsp_tag
- BAD_CERT_VERIFICATION bad_trust_manager
- CALL_SUPER clone
- CALL_SUPER finalize
- CALL_SUPER none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HTTP_VERB_TAMPERING none
- DC.DANGEROUS none
- FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
- FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
- FB.CN_IDIOM none
- FB.CN_IDIOM_NO_SUPER_CALL none
- FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.DM_EXIT none
- FB.FI_EMPTY none
- FB.FI_EXPLICIT_INVOCATION none
- FB.FI_FINALIZER_NULLS_FIELDS none
- FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
- FB.FI_MISSING_SUPER_CALL none
- FB.FI_NULLIFY_SUPER none
- FB.FI_USELESS none
- FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- INSECURE_HTTP_FIREWALL spring_security
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- ORM_LOAD_NULL_CHECK none
- SWAPPED_ARGUMENTS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- ALLOC_FREE_MISMATCH none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CHROOT none
- INVALIDATE_ITERATOR none
- LOCK double_lock
- MISSING_RESTORE likely
- MISSING_RESTORE none
- MISSING_RESTORE possible
- NEGATIVE_RETURNS critical_argument
- OPEN_ARGS none
- PRINTF_ARGS extra_printf_arg
- PRINTF_ARGS invalid_printf_format_string
- PRINTF_ARGS invalid_type_printf_arg
- PRINTF_ARGS missing_printf_arg
- SWAPPED_ARGUMENTS none
- UNCAUGHT_EXCEPT none
- USE_AFTER_FREE double_free
- VARARGS none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
|
|
|
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
|
- EXPLICIT_THIS_EXPECTED none
- IDENTIFIER_TYPO none
|
- CALL_SUPER none
- SWAPPED_ARGUMENTS none
|
| 1173 Improper Use of Validation Framework |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1174 ASP.NET Misconfiguration: Improper Model Validation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1176 Inefficient CPU Computation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1177 Use of Prohibited Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1178 Weaknesses Addressed by the SEI CERT Perl Coding Standard |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1183 SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1187 DEPRECATED: Use of Uninitialized Resource |
|
|
|
|
|
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
|
|
|
|
|
|
|
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
|
|
| 1188 Insecure Default Initialization of Resource |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1190 DMA Device Enabled Too Early in Boot Phase |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1191 Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1192 System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1194 Hardware Design |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- URL_MANIPULATION none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- URL_MANIPULATION none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- URL_MANIPULATION none
|
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- URL_MANIPULATION none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- URL_MANIPULATION none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- URL_MANIPULATION none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 1195 Manufacturing and Life Cycle Management Concerns |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1196 Security Flow Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1197 Integration Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1198 Privilege Separation and Access Control Issues |
|
|
|
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
|
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
|
|
|
|
|
|
|
|
|
| 1199 General Circuit and Logic Design Concerns |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1200 Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BC_NULL_INSTANCEOF none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_DEBUG_MODE none
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_COMMUNICATION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF database_update
- CSRF none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
- CONFIG.ATS_INSECURE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1201 Core and Compute Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1202 Memory and Storage Issues |
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 1203 Peripherals, On-chip Fabric, and Interface/IO Problems |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1205 Security Primitives and Cryptography Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1206 Power, Clock, and Reset Concerns |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1207 Debug and Test Problems |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1208 Cross-Cutting Problems |
|
|
|
|
- FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
- FB.DMI_ARGUMENTS_WRONG_ORDER none
- FB.DMI_BAD_MONTH none
- FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
- FB.DMI_BLOCKING_METHODS_ON_URL none
- FB.DMI_CALLING_NEXT_FROM_HASNEXT none
- FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
- FB.DMI_COLLECTION_OF_URLS none
- FB.DMI_DOH none
- FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
- FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
- FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
- FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
- FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
- FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
- FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
- FB.DMI_RANDOM_USED_ONLY_ONCE none
- FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
- FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
- FB.DMI_UNSUPPORTED_METHOD none
- FB.DMI_USELESS_SUBSTRING none
- FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
- FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
- FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
- FB.RV_01_TO_INT none
- FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
- FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
- FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
- FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
- FB.RV_DONT_JUST_NULL_CHECK_READLINE none
- FB.RV_EXCEPTION_NOT_THROWN none
- FB.RV_NEGATING_RESULT_OF_COMPARETO none
- FB.RV_REM_OF_HASHCODE none
- FB.RV_REM_OF_RANDOM_INT none
- FB.RV_RETURN_VALUE_IGNORED none
- FB.RV_RETURN_VALUE_IGNORED2 none
- FB.RV_RETURN_VALUE_IGNORED_INFERRED none
- FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
- FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
|
|
|
|
|
|
|
|
|
|
|
| 1209 Failure to Disable Reserved Bits |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1210 Audit / Logging Errors |
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- INSUFFICIENT_LOGGING logging_obligation
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSUFFICIENT_LOGGING logging_obligation
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- INSUFFICIENT_LOGGING logging_obligation
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
|
- LOG_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
|
| 1211 Authentication Errors |
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- MISSING_AUTHZ none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
- BAD_CERT_VERIFICATION bad_hostname_verifier
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_CERT_VERIFICATION bad_ssl_session
- BAD_CERT_VERIFICATION bad_trust_manager
|
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
|
|
|
- BAD_CERT_VERIFICATION ssl_verification_bypass_hi
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
|
|
- BAD_CERT_VERIFICATION bad_trust_manager
- BAD_CERT_VERIFICATION none
|
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
|
|
| 1212 Authorization Errors |
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- JSP_SQL_INJECTION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
|
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
|
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
|
| 1213 Random Number Issues |
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
|
|
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
- PREDICTABLE_RANDOM_SEED random_seed
- PREDICTABLE_RANDOM_SEED secure_random_seed_const
- PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
|
|
|
|
|
|
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
- INSECURE_RANDOM insecure_random_used
- INSECURE_RANDOM insecure_random_value
|
| 1214 Data Integrity Issues |
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- JAVA_CODE_INJECTION none
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_IFRAME_SANDBOX none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
|
|
|
|
|
- CUSTOM_KEYBOARD_DATA_LEAK none
|
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- MISSING_IFRAME_SANDBOX none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNCHECKED_ORIGIN none
|
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
| 1215 Data Validation Issues |
|
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_HTTP_FIREWALL spring_security
- INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
|
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
|
|
|
- BLACKLIST_FOR_AUTHN auth_blacklist_med
- BLACKLIST_FOR_AUTHN csrf_blacklist_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
- DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
|
|
|
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
- CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
|
|
| 1216 Lockout Mechanism Errors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1217 User Session Errors |
|
|
|
|
- CONFIG.UNSAFE_SESSION_TIMEOUT none
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
|
|
|
|
|
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
|
| 1218 Memory Buffer Errors |
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
|
|
|
|
- ARRAY_VS_SINGLETON none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW pointer_deref_read
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
|
|
|
|
|
|
|
|
| 1219 File Handling Issues |
|
|
|
|
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- PATH_MANIPULATION none
- UNSAFE_JNI none
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
|
|
|
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
|
|
|
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- PATH_MANIPULATION none
|
|
| 1220 Insufficient Granularity of Access Control |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1221 Incorrect Register Defaults or Module Parameters |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1222 Insufficient Granularity of Address Regions Protected by Register Locks |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1223 Race Condition for Write-Once Attributes |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1224 Improper Restriction of Write-Once Bit Fields |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1225 Documentation Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1226 Complexity Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1227 Encapsulation Issues |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1228 API / Function Errors |
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- PRINTF_ARGS invalid_printf_format_string
- SECURE_CODING none
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- PRINTF_ARGS invalid_printf_format_string
- SECURE_CODING none
|
|
|
|
|
- DC.PREDICTABLE_KEY_PASSWORD none
- DC.STREAM_BUFFER none
- DC.STRING_BUFFER none
- DC.WEAK_CRYPTO none
- PRINTF_ARGS invalid_printf_format_string
- SECURE_CODING none
|
|
|
|
|
|
|
|
| 1229 Creation of Emergent Resource |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1230 Exposure of Sensitive Information Through Metadata |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1231 Improper Implementation of Lock Protection Registers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1232 Improper Lock Behavior After Power State Transition |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1233 Improper Hardware Lock Protection for Security Sensitive Controls |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1234 Hardware Internal or Debug Modes Allow Override of Locks |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1236 Improper Neutralization of Formula Elements in a CSV File |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1237 SFP Primary Cluster: Faulty Resource Release |
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- USE_AFTER_FREE double_free
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- USE_AFTER_FREE double_free
|
|
|
|
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- USE_AFTER_FREE double_free
|
|
|
|
|
|
|
|
| 1238 SFP Primary Cluster: Failure to Release Memory |
|
- COM.ADDROF_LEAK none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
|
|
|
|
|
- CTOR_DTOR_LEAK none
- NO_EFFECT incomplete_delete
|
|
|
|
|
|
|
|
| 1239 Improper Zeroization of Hardware Register |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1240 Use of a Risky Cryptographic Primitive |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1241 Use of Predictable Algorithm in Random Number Generator |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1242 Inclusion of Undocumented Features or Chicken Bits |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1243 Sensitive Non-Volatile Information Not Protected During Debug |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1244 Improper Access to Sensitive Information Using Debug and Test Interfaces |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1245 Improper Finite State Machines (FSMs) in Hardware Logic |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1246 Improper Write Handling in Limited-write Non-Volatile Memories |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1247 Missing or Improperly Implemented Protection Against Voltage and Clock Glitches |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1249 Application-Level Admin Tool with Inconsistent View of Underlying Operating System |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1250 Improper Preservation of Consistency Between Independent Representations of Shared State |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1251 Mirrored Regions with Different Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1253 Incorrect Selection of Fuse Values |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1254 Incorrect Comparison Logic Granularity |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1256 Hardware Features Enable Physical Attacks from Software |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1258 Exposure of Sensitive System Information Due to Uncleared Debug Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1259 Improper Restriction of Security Token Assignment |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1260 Improper Handling of Overlap Between Protected Memory Ranges |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1261 Improper Handling of Single Event Upsets |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1262 Register Interface Allows Software Access to Sensitive Data or Security Settings |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1263 Improper Physical Access Control |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1266 Improper Scrubbing of Sensitive Data from Decommissioned Device |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1267 Policy Uses Obsolete Encoding |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1269 Product Released in Non-Release Configuration |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1270 Generation of Incorrect Security Tokens |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1271 Uninitialized Value on Reset for Registers Holding Security Settings |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1272 Sensitive Information Uncleared Before Debug/Power State Transition |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1273 Device Unlock Credential Sharing |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1274 Insufficient Protections on the Volatile Memory Containing Boot Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1275 Sensitive Cookie with Improper SameSite Attribute |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1276 Hardware Child Block Incorrectly Connected to Parent System |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1277 Firmware Not Updateable |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1279 Cryptographic Operations are run Before Supporting Units are Ready |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1280 Access Control Check Implemented After Asset is Accessed |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1281 Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1282 Assumed-Immutable Data is Stored in Writable Memory |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1283 Mutable Attestation or Measurement Reporting Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1284 Improper Validation of Specified Quantity in Input |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1285 Improper Validation of Specified Index, Position, or Offset in Input |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1286 Improper Validation of Syntactic Correctness of Input |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1287 Improper Validation of Specified Type of Input |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1288 Improper Validation of Consistency within Input |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1289 Improper Validation of Unsafe Equivalence in Input |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1290 Incorrect Decoding of Security Identifiers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1291 Public Key Re-Use for Signing both Debug and Production Code |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1292 Incorrect Conversion of Security Identifiers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1293 Missing Source Correlation of Multiple Independent Data |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1294 Insecure Security Identifier Mechanism |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1295 Debug Messages Revealing Unnecessary Information |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1296 Incorrect Chaining or Granularity of Debug Components |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1298 Hardware Logic Contains Race Conditions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1299 Missing Protection Mechanism for Alternate Hardware Interface |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1300 Improper Protection Against Physical Side Channels |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1301 Insufficient or Incomplete Data Removal within Hardware Component |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1302 Missing Security Identifier |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1303 Non-Transparent Sharing of Microarchitectural Resources |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1305 CISQ Quality Measures (2020) |
- BAD_EQ referential
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_THROW none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FLOATING_POINT_EQUALITY none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DC.DEADLOCK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_NULL_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_BREAK none
- MISSING_HEADER_VALIDATION missing_header_validation
- MISSING_THROW none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORM_LOAD_NULL_CHECK none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- NULL_RETURNS none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- UNREACHABLE none
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_COOKIE missing_httponly_low
- NO_EFFECT self_assign
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNREACHABLE none
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DEADCODE none
- DEADCODE redundant_test
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- NULL_RETURNS none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- NULL_RETURNS none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNREACHABLE none
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1306 CISQ Quality Measures - Reliability |
- BAD_EQ referential
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- GUARDED_BY_VIOLATION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_THROW none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OVERFLOW_BEFORE_WIDEN none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FLOATING_POINT_EQUALITY none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BAD_CAST none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.CONVERSION_TO_POINTER_LOSES_BITS none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SLEEP none
|
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DC.DEADLOCK none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FB.BC_NULL_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DE_MIGHT_DROP none
- FB.DE_MIGHT_IGNORE none
- FB.EQ_ABSTRACT_SELF none
- FB.EQ_ALWAYS_FALSE none
- FB.EQ_ALWAYS_TRUE none
- FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
- FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
- FB.EQ_COMPARING_CLASS_NAMES none
- FB.EQ_DOESNT_OVERRIDE_EQUALS none
- FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
- FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
- FB.EQ_OTHER_NO_OBJECT none
- FB.EQ_OTHER_USE_OBJECT none
- FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
- FB.EQ_SELF_NO_OBJECT none
- FB.EQ_SELF_USE_OBJECT none
- FB.EQ_UNUSUAL none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.REC_CATCH_EXCEPTION none
- FB.RU_INVOKE_RUN none
- FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_BREAK none
- MISSING_THROW none
- NON_STATIC_GUARDING_STATIC none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORM_LOAD_NULL_CHECK none
- OVERFLOW_BEFORE_WIDEN none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- USE_AFTER_FREE none
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FORWARD_NULL bad_null_value_use
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- NULL_RETURNS none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE comparator_misuse
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DELETE_VOID none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EVALUATION_ORDER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- INCOMPATIBLE_CAST endianness
- INCOMPATIBLE_CAST float_vs_integral
- INCOMPATIBLE_CAST none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_BREAK none
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS none
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NULL_RETURNS none
- NULL_RETURNS unimpl
- ORDER_REVERSAL none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- READLINK none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_INULL none
- REVERSE_NEGATIVE critical_argument
- REVERSE_NEGATIVE none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SIZECHECK none
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNCAUGHT_EXCEPT none
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- MISSING_BREAK none
- NO_EFFECT self_assign
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL bad_null_value_use
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- FORWARD_NULL bad_null_value_use
- NO_EFFECT self_assign
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SQLI sql_injection_dynamic_finder_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
|
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FORWARD_NULL bad_null_value_use
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- MISSING_BREAK none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- NULL_RETURNS none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
|
- CONFIG.MISSING_CUSTOM_ERROR_PAGE none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LOCK_EVASION none
- NULL_RETURNS none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 1307 CISQ Quality Measures - Maintainability |
- BAD_EQ_TYPES none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- SIZEOF_MISMATCH missing_parentheses
- UNREACHABLE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- SIZEOF_MISMATCH missing_parentheses
- UNREACHABLE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
- FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
- FB.SF_SWITCH_FALLTHROUGH none
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- UNREACHABLE none
|
|
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- NO_EFFECT extra_comma
- NO_EFFECT no_effect_test
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- SIZEOF_MISMATCH missing_parentheses
- UNREACHABLE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- MISSING_BREAK none
- UNREACHABLE none
|
- DEADCODE dead_case_in_switch
- DEADCODE dead_default_in_switch
- DEADCODE effectively_constant
- DEADCODE none
- DEADCODE redundant_test
- IDENTICAL_BRANCHES case
- IDENTICAL_BRANCHES chain
- IDENTICAL_BRANCHES if
- IDENTICAL_BRANCHES ternary
- UNREACHABLE none
|
| 1308 CISQ Quality Measures - Security |
- BAD_EQ_TYPES none
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- NON_STATIC_GUARDING_STATIC none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
- Y2K38_SAFETY declaration_with_small_time_t
- Y2K38_SAFETY truncation_of_time_t
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN returns_error_info
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.ASSIGN_WHERE_COMPARE_MEANT none
- PW.BRANCH_PAST_INITIALIZATION none
- PW.DIVIDE_BY_ZERO none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.RETURN_PTR_TO_LOCAL_TEMP none
- PW.SHIFT_COUNT_TOO_LARGE none
- PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ATOMICITY none
- CHECKED_RETURN none
- CHECKED_RETURN unchecked_arg
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DISTRUSTED_DATA_DESERIALIZATION none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- GUARDED_BY_VIOLATION none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INSUFFICIENT_LOGGING logging_obligation
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- LOCK_INVERSION none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SLEEP none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ATOMICITY none
- BAD_CERT_VERIFICATION bad_revocation_check
- BAD_LOCK_OBJECT boxed_lock
- BAD_LOCK_OBJECT interned_string_lock
- BAD_LOCK_OBJECT none
- BAD_LOCK_OBJECT single_thread_lock
- BAD_LOCK_OBJECT unsafe_assign_to_locked_field
- CALL_SUPER finalize
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN user_required
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.UNSAFE_SESSION_TIMEOUT none
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- DC.DEADLOCK none
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- EL_INJECTION none
- FB.BC_IMPOSSIBLE_CAST none
- FB.BC_IMPOSSIBLE_DOWNCAST none
- FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
- FB.BC_IMPOSSIBLE_INSTANCEOF none
- FB.BC_VACUOUS_INSTANCEOF none
- FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
- FB.DC_DOUBLECHECK none
- FB.DC_PARTIALLY_CONSTRUCTED none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
- FB.ES_COMPARING_STRINGS_WITH_EQ none
- FB.ICAST_BAD_SHIFT_AMOUNT none
- FB.ICAST_IDIV_CAST_TO_DOUBLE none
- FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
- FB.ICAST_INT_2_LONG_AS_INSTANT none
- FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
- FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
- FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
- FB.LI_LAZY_INIT_STATIC none
- FB.LI_LAZY_INIT_UPDATE_STATIC none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
- FB.RU_INVOKE_RUN none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- GUARDED_BY_VIOLATION none
- GUARDED_BY_VIOLATION unlocked_read
- GUARDED_BY_VIOLATION unlocked_write
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- LOCK_INVERSION none
- MISSING_HEADER_VALIDATION missing_header_validation
- NON_STATIC_GUARDING_STATIC none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SERVLET_ATOMICITY attribute_init_race
- SERVLET_ATOMICITY none
- SERVLET_ATOMICITY violation_on_session_object
- SINGLETON_RACE none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- USE_AFTER_FREE none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- BAD_CERT_VERIFICATION bad_revocation_check
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ALLOC_FREE_MISMATCH none
- ARRAY_VS_SINGLETON none
- ATOMICITY none
- BAD_ALLOC_ARITHMETIC none
- BAD_ALLOC_STRLEN none
- BAD_COMPARE misuse_of_not
- BAD_COMPARE string_lit_comparison
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- BAD_SIZEOF none
- BAD_SIZEOF sizeof_ptr_expr
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CHAR_IO none
- CHECKED_RETURN library_function
- CHECKED_RETURN none
- CHECKED_RETURN short_read
- CHECKED_RETURN unchecked_arg
- CHECKED_RETURN user_required
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- LOCK double_lock
- LOCK missing_unlock
- LOCK none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA_CAST bitwise_op_bad_cast
- MISRA_CAST bitwise_op_no_cast
- MISRA_CAST float_complex_conversion
- MISRA_CAST float_narrowing_conversion
- MISRA_CAST float_non_constant_arg_conversion
- MISRA_CAST float_non_constant_conversion
- MISRA_CAST float_non_constant_rtn_conversion
- MISRA_CAST float_to_integer_cast
- MISRA_CAST float_to_integer_conversion
- MISRA_CAST float_widening_cast
- MISRA_CAST integer_complex_conversion
- MISRA_CAST integer_narrowing_conversion
- MISRA_CAST integer_non_constant_arg_conversion
- MISRA_CAST integer_non_constant_conversion
- MISRA_CAST integer_non_constant_rtn_conversion
- MISRA_CAST integer_signedness_changing_cast
- MISRA_CAST integer_signedness_changing_conversion
- MISRA_CAST integer_to_float_cast
- MISRA_CAST integer_to_float_conversion
- MISRA_CAST integer_widening_cast
- MISRA_CAST none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- MISSING_LOCK none
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT bad_memset_fill_value
- NO_EFFECT bad_memset_truncated_fill
- NO_EFFECT bad_memset_zero_size
- NO_EFFECT extra_comma
- NO_EFFECT incomplete_delete
- NO_EFFECT no_effect_test
- NO_EFFECT self_assign
- NO_EFFECT unsigned_compare
- NO_EFFECT unsigned_compare_macros
- NO_EFFECT unsigned_enums
- ORDER_REVERSAL none
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- RETURN_LOCAL escape_local_addr_to_fields_or_globals
- RETURN_LOCAL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SIGN_EXTENSION none
- SIZECHECK ampersand_in_size
- SIZECHECK improper_new
- SIZECHECK incorrect_multiplication
- SIZECHECK likely_overflow
- SIZECHECK none
- SIZEOF_MISMATCH missing_parentheses
- SIZEOF_MISMATCH sizeof_punning
- SLEEP none
- SQLI none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- UNINIT array_index_read
- UNINIT array_index_write
- UNINIT none
- UNINIT pointer_deref_read
- UNINIT pointer_deref_write
- UNINIT_CTOR none
- UNINIT_CTOR pointer
- URL_MANIPULATION none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_close
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- USE_AFTER_FREE use_after_close
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- DIVIDE_BY_ZERO divide_by_zero_low
- DIVIDE_BY_ZERO divide_by_zero_med
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- NO_EFFECT self_assign
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- NO_EFFECT self_assign
- OVERFLOW_BEFORE_WIDEN none
|
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
- CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
- CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
- CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
- CONSTANT_EXPRESSION_RESULT missing_parentheses
- CONSTANT_EXPRESSION_RESULT operator_confusion
- CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
- CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
- INSECURE_ACL insecure_acl
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSUFFICIENT_LOGGING logging_obligation
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
- INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
- JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
- LOCALSTORAGE_MANIPULATION none
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- NO_EFFECT self_assign
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- DIVIDE_BY_ZERO float_divisor
- DIVIDE_BY_ZERO none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INFINITE_LOOP no_escape
- INFINITE_LOOP none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOCK_EVASION none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 1309 CISQ Quality Measures - Efficiency |
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC leak
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- CALL_SUPER finalize
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- BAD_CERT_VERIFICATION bad_revocation_check
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- ALLOC_FREE_MISMATCH none
- BAD_FREE address
- BAD_FREE alloca
- BAD_FREE array
- BAD_FREE first_field_address
- BAD_FREE function_pointer
- BAD_FREE none
- CTOR_DTOR_LEAK none
- DELETE_ARRAY non_array_delete
- DELETE_ARRAY none
- DELETE_ARRAY object
- DELETE_ARRAY scalar
- NO_EFFECT incomplete_delete
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK fds_handles
- RESOURCE_LEAK none
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RESOURCE_LEAK unsafe_symbol_creation_low
|
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
- RESOURCE_LEAK channel
- RESOURCE_LEAK database
- RESOURCE_LEAK exceptional_path
- RESOURCE_LEAK none
- RESOURCE_LEAK socket
- RESOURCE_LEAK stream
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
|
| 1350 Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses |
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.ASPNET_VERSION_HEADER none
- CONFIG.CONNECTION_STRING_PASSWORD none
- CONFIG.COOKIES_MISSING_HTTPONLY none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.ENABLED_DEBUG_MODE none
- CONFIG.ENABLED_TRACE_MODE none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COOKIE dotnet
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- COM.ADDROF_LEAK none
- COM.BAD_FREE none
- COM.BSTR.ALLOC double_free
- COM.BSTR.ALLOC free_uninit
- COM.BSTR.ALLOC leak
- COM.BSTR.ALLOC none
- COM.BSTR.ALLOC use_after_free
- COM.BSTR.ALLOC use_uninit
- COM.BSTR.CONV none
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- AUTOSAR C++14 A15-3-3 none
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISRA C++-2008 Rule 15-3-2 none
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- PW.INTEGER_OVERFLOW none
- PW.INTEGER_TOO_LARGE none
- PW.NON_CONST_PRINTF_FORMAT_STRING none
- PW.SHIFT_COUNT_TOO_LARGE none
- READLINK none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- DISTRUSTED_DATA_DESERIALIZATION none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- URL_MANIPULATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- CONFIG.DWR_DEBUG_MODE none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.JAVAEE_MISSING_HTTPONLY none
- CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
- CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
- CONFIG.MYBATIS_MAPPER_SQLI none
- CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
- CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
- CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
- CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
- CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
- CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
- CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
- CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
- CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
- CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION none
- CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
- CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
- CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
- CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
- CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
- CONFIG.STRUTS2_ENABLED_DEV_MODE none
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- DISABLED_ENCRYPTION text_encryptor
- EL_INJECTION none
- EXPOSED_PREFERENCES none
- FB.BC_NULL_INSTANCEOF none
- FB.DMI_CONSTANT_DB_PASSWORD none
- FB.DMI_EMPTY_DB_PASSWORD none
- FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
- FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
- FB.NP_ALWAYS_NULL none
- FB.NP_ALWAYS_NULL_EXCEPTION none
- FB.NP_ARGUMENT_MIGHT_BE_NULL none
- FB.NP_BOOLEAN_RETURN_NULL none
- FB.NP_CLONE_COULD_RETURN_NULL none
- FB.NP_CLOSING_NULL none
- FB.NP_DEREFERENCE_OF_READLINE_VALUE none
- FB.NP_DOES_NOT_HANDLE_NULL none
- FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
- FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_GUARANTEED_DEREF none
- FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
- FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
- FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
- FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
- FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
- FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
- FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
- FB.NP_NONNULL_PARAM_VIOLATION none
- FB.NP_NONNULL_RETURN_VIOLATION none
- FB.NP_NULL_INSTANCEOF none
- FB.NP_NULL_ON_SOME_PATH none
- FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
- FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
- FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
- FB.NP_NULL_PARAM_DEREF none
- FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
- FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
- FB.NP_OPTIONAL_RETURN_NULL none
- FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
- FB.NP_STORE_INTO_NONNULL_FIELD none
- FB.NP_TOSTRING_COULD_RETURN_NULL none
- FB.NP_UNWRITTEN_FIELD none
- FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
- FB.PT_ABSOLUTE_PATH_TRAVERSAL none
- FB.PT_RELATIVE_PATH_TRAVERSAL none
- FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
- FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
- FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
- FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
- FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
- FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
- FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
- FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL needs_null_check
- FORWARD_NULL none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INSECURE_COMMUNICATION insecure_communication
- INSECURE_COMMUNICATION none
- INSECURE_COMMUNICATION unencrypted_connection
- INVALIDATE_ITERATOR map_put
- INVALIDATE_ITERATOR none
- JAVA_CODE_INJECTION none
- JCR_INJECTION none
- JSP_DYNAMIC_INCLUDE none
- JSP_SQL_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- MISSING_HEADER_VALIDATION missing_header_validation
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OGNL_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSION_FIXATION none
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNKNOWN_LANGUAGE_INJECTION none
- UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_JNI none
- UNSAFE_NAMED_QUERY none
- UNSAFE_REFLECTION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- VERBOSE_ERROR_REPORTING exception_information
- VERBOSE_ERROR_REPORTING stack_trace
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ANDROID_DEBUG_MODE none
- CONFIG.ANDROID_BACKUPS_ALLOWED android
- EXPOSED_PREFERENCES none
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HEADER_INJECTION none
- INSECURE_COMMUNICATION none
- OS_CMD_INJECTION command_as_array_of_args
- OS_CMD_INJECTION command_as_one_string
- PATH_MANIPULATION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
- SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_intent
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
- UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION bad_content_uri
- URL_MANIPULATION bad_intent_uri
- URL_MANIPULATION bad_web_uri
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
|
- ARRAY_VS_SINGLETON none
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
- AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
- BAD_ALLOC_ARITHMETIC none
- BUFFER_SIZE fixed_size_dest
- BUFFER_SIZE likely_overflow
- BUFFER_SIZE no_null_terminator
- BUFFER_SIZE no_null_terminator_warn
- BUFFER_SIZE none
- BUFFER_SIZE overflow
- BUFFER_SIZE overlapping_buffer
- CTOR_DTOR_LEAK none
- FORMAT_STRING_INJECTION none
- FORMAT_STRING_INJECTION paranoid
- FORWARD_NULL deref_constant_null
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- INCOMPATIBLE_CAST overrun
- INTEGER_OVERFLOW array_index_read
- INTEGER_OVERFLOW array_index_write
- INTEGER_OVERFLOW const_overflow
- INTEGER_OVERFLOW critical_argument
- INTEGER_OVERFLOW none
- INTEGER_OVERFLOW pointer_deref_read
- INTEGER_OVERFLOW pointer_deref_write
- INTEGER_OVERFLOW return_value_error
- INVALIDATE_ITERATOR none
- MISMATCHED_ITERATOR none
- MISMATCHED_ITERATOR splice_iterator_mismatch
- MISSING_ASSIGN none
- MISSING_ASSIGN uncalled
- MISSING_COPY none
- MISSING_COPY uncalled
- NEGATIVE_RETURNS array_index_read
- NEGATIVE_RETURNS array_index_write
- NEGATIVE_RETURNS loop_bound
- NO_EFFECT incomplete_delete
- NULL_RETURNS none
- NULL_RETURNS unimpl
- OS_CMD_INJECTION none
- OVERFLOW_BEFORE_WIDEN none
- OVERRUN illegal_address
- OVERRUN none
- OVERRUN read
- OVERRUN strlen
- OVERRUN write
- PATH_MANIPULATION none
- READLINK none
- RESOURCE_LEAK fds_handles
- REVERSE_INULL none
- REVERSE_NEGATIVE array_index_read
- REVERSE_NEGATIVE array_index_write
- REVERSE_NEGATIVE critical_argument
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SIZECHECK likely_overflow
- SIZECHECK no_null_terminator
- SQLI none
- STACK_USE none
- STRING_NULL none
- STRING_OVERFLOW fixed_size_dest
- STRING_OVERFLOW likely_overflow
- STRING_OVERFLOW none
- STRING_SIZE none
- TAINTED_SCALAR allocation
- TAINTED_SCALAR array_index_read
- TAINTED_SCALAR array_index_write
- TAINTED_SCALAR critical_argument
- TAINTED_SCALAR divisor
- TAINTED_SCALAR loop_bound
- TAINTED_SCALAR none
- TAINTED_SCALAR pointer_deref_read
- TAINTED_SCALAR pointer_deref_write
- TAINTED_STRING none
- UNCAUGHT_EXCEPT none
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- URL_MANIPULATION none
- USER_POINTER none
- USE_AFTER_FREE deref_read_after_free
- USE_AFTER_FREE deref_write_after_free
- USE_AFTER_FREE double_free
- USE_AFTER_FREE none
- VIRTUAL_DTOR empty_dtor
- VIRTUAL_DTOR none
- WEAK_GUARD dns
- WEAK_GUARD dns_sensitive_op
- WEAK_GUARD http_referer
- WEAK_GUARD http_referer_sensitive_op
- WEAK_GUARD ip_address
- WEAK_GUARD ip_address_sensitive_op
- WEAK_GUARD none
- WEAK_GUARD os_login
- WEAK_GUARD os_login_sensitive_op
- WEAK_GUARD principal_name
- WEAK_GUARD principal_name_sensitive_op
- WRAPPER_ESCAPE COM_deref_read_after_free
- WRAPPER_ESCAPE COM_deref_write_after_free
- WRAPPER_ESCAPE COM_use_after_free
- WRAPPER_ESCAPE deref_read_after_free
- WRAPPER_ESCAPE deref_write_after_free
- WRAPPER_ESCAPE none
- XPATH_INJECTION none
|
- CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SYMFONY_EL_INJECTION none
- UNSAFE_DESERIALIZATION none
- UNSAFE_REFLECTION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- CSRF database_update
- CSRF none
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- MISSING_AUTHZ none
- NOSQL_QUERY_INJECTION none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNSAFE_DESERIALIZATION none
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
- CSRF csrf_not_protected_by_raising_exception_med
- CSRF csrf_protection_disabled_hi
- CSRF csrf_protection_missing_hi
- CSRF cve_2011_0447_hi
- DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS secret_in_source_med
- INSECURE_COOKIE missing_httponly_low
- INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
- OPEN_REDIRECT open_redirect_hi
- OPEN_REDIRECT open_redirect_low
- OS_CMD_INJECTION command_injection_hi
- OS_CMD_INJECTION command_injection_med
- PATH_MANIPULATION dynamic_render_path_hi
- PATH_MANIPULATION dynamic_render_path_low
- PATH_MANIPULATION dynamic_render_path_med
- PATH_MANIPULATION dynamic_render_path_rce_hi
- PATH_MANIPULATION file_access_hi
- PATH_MANIPULATION file_access_low
- PATH_MANIPULATION file_access_med
- RAILS_DEFAULT_ROUTES all_default_routes_hi
- RAILS_DEFAULT_ROUTES controller_default_routes_med
- RAILS_DEFAULT_ROUTES cve_2014_0130_hi
- RAILS_DEFAULT_ROUTES cve_2014_0130_med
- RAILS_DEVISE_CONFIG devise_lock_strategy_low
- RAILS_DEVISE_CONFIG devise_password_length_max_low
- RAILS_DEVISE_CONFIG devise_password_length_max_med
- RAILS_DEVISE_CONFIG devise_password_length_min_low
- RAILS_DEVISE_CONFIG devise_password_length_min_med
- RAILS_DEVISE_CONFIG devise_reset_timeout_hi
- RAILS_MISSING_FILTER_ACTION missing_action_filter_low
- REGEX_INJECTION regex_dos_hi
- REGEX_INJECTION regex_dos_low
- REGEX_INJECTION regex_dos_med
- RESOURCE_LEAK unsafe_symbol_creation_low
- REVERSE_INULL none
- REVERSE_TABNABBING reverse_tabnabbing_low
- RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
- RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
- RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
- RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
- RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
- RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
- RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
- RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
- RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
- RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
- RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
- RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
- RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
- RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
- RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
- RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
- RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
- RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
- RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
- RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
- RUBY_VULNERABLE_LIBRARY select_options_vuln_low
- RUBY_VULNERABLE_LIBRARY select_options_vuln_med
- RUBY_VULNERABLE_LIBRARY translate_vuln_hi
- RUBY_VULNERABLE_LIBRARY translate_vuln_med
- SCRIPT_CODE_INJECTION code_eval_hi
- SCRIPT_CODE_INJECTION code_eval_low
- SENSITIVE_DATA_LEAK detailed_exceptions_hi
- SENSITIVE_DATA_LEAK detailed_exceptions_med
- SENSITIVE_DATA_LEAK local_request_config_hi
- SQLI sql_injection_calculate_hi
- SQLI sql_injection_calculate_low
- SQLI sql_injection_calculate_med
- SQLI sql_injection_connection_hi
- SQLI sql_injection_connection_low
- SQLI sql_injection_connection_med
- SQLI sql_injection_delete_hi
- SQLI sql_injection_delete_low
- SQLI sql_injection_delete_med
- SQLI sql_injection_dynamic_finder_med
- SQLI sql_injection_exists_hi
- SQLI sql_injection_find_by_hi
- SQLI sql_injection_find_hi
- SQLI sql_injection_find_low
- SQLI sql_injection_find_med
- SQLI sql_injection_from_hi
- SQLI sql_injection_from_low
- SQLI sql_injection_from_med
- SQLI sql_injection_group_low
- SQLI sql_injection_group_med
- SQLI sql_injection_having_low
- SQLI sql_injection_having_med
- SQLI sql_injection_hi
- SQLI sql_injection_interp_hi
- SQLI sql_injection_interp_low
- SQLI sql_injection_interp_med
- SQLI sql_injection_joins_hi
- SQLI sql_injection_joins_low
- SQLI sql_injection_joins_med
- SQLI sql_injection_limit_offset_hi
- SQLI sql_injection_limit_offset_low
- SQLI sql_injection_low
- SQLI sql_injection_med
- SQLI sql_injection_not_low
- SQLI sql_injection_order_hi
- SQLI sql_injection_order_low
- SQLI sql_injection_order_med
- SQLI sql_injection_pluck_hi
- SQLI sql_injection_pluck_low
- SQLI sql_injection_pluck_med
- SQLI sql_injection_reorder_hi
- SQLI sql_injection_reorder_low
- SQLI sql_injection_reorder_med
- SQLI sql_injection_select_hi
- SQLI sql_injection_select_med
- SQLI sql_injection_where_hi
- SQLI sql_injection_where_low
- SQLI sql_injection_where_med
- STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
- UNESCAPED_HTML unescaped_output_low
- UNSAFE_BASIC_AUTH basic_auth_password_hi
- UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
- UNSAFE_BASIC_AUTH basic_auth_usage_low
- UNSAFE_DESERIALIZATION unsafe_deserialize_hi
- UNSAFE_DESERIALIZATION unsafe_deserialize_med
- UNSAFE_REFLECTION dangerous_send_hi
- UNSAFE_REFLECTION unsafe_constantize_hi
- UNSAFE_REFLECTION unsafe_constantize_med
- UNSAFE_SESSION_SETTING http_cookies_hi
- UNSAFE_SESSION_SETTING session_secret_hi
- XSS cross_site_scripting_hi
- XSS cross_site_scripting_inline_hi
- XSS cross_site_scripting_inline_med
- XSS cross_site_scripting_low
- XSS cross_site_scripting_med
- XSS cve_2011_0446_hi
- XSS cve_2012_3464_med
- XSS cve_2016_6316_hi
- XSS cve_2016_6316_med
- XSS unquoted_attribute_hi
- XSS unquoted_attribute_low
- XSS unquoted_attribute_med
- XSS xss_content_tag_hi
- XSS xss_content_tag_med
- XSS xss_link_to_hi
- XSS xss_link_to_href_hi
- XSS xss_link_to_href_low
- XSS xss_link_to_med
- XSS xss_to_json_hi
- XSS xss_to_json_med
|
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- OVERFLOW_BEFORE_WIDEN none
- REVERSE_INULL none
|
- CONFIG.ATS_INSECURE none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL none
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- INSECURE_COMMUNICATION none
- INSECURE_MULTIPEER_CONNECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
- UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
- UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
- WEAK_BIOMETRIC_AUTH none
- XML_EXTERNAL_ENTITY external_entities
- XPATH_INJECTION none
|
- ANGULAR_BYPASS_SECURITY none
- ANGULAR_ELEMENT_REFERENCE none
- ANGULAR_EXPRESSION_INJECTION none
- ANGULAR_SCE_DISABLED angular_sce_disabled
- AWS_SSL_DISABLED aws_ssl_disabled
- AWS_VALIDATION_DISABLED aws_credentials_validation
- AWS_VALIDATION_DISABLED aws_parameters_validation
- BAD_CERT_VERIFICATION bad_cert_verification
- BAD_CERT_VERIFICATION certificate_validation_disabled
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
- BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
- CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
- CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
- CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
- CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
- CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
- CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
- CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
- CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
- CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
- CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
- CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
- CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
- CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
- COOKIE_INJECTION none
- CORS_MISCONFIGURATION cors_configured_globally
- CORS_MISCONFIGURATION cors_origin_string
- CORS_MISCONFIGURATION cors_with_credentials_all_origin
- CORS_MISCONFIGURATION cors_with_credentials_null_origin
- CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
- CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
- CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
- CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
- CORS_MISCONFIGURATION_AUDIT cors_origin_string
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
- CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
- CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
- CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
- CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
- CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
- CSS_INJECTION none
- DNS_PREFETCHING helmet_dns_prefetching
- DOM_XSS none
- EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
- EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
- EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
- EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
- EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
- FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
- FORWARD_NULL bad_null_value_use
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
- HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
- INSECURE_ACL insecure_acl
- INSECURE_COMMUNICATION insecure_connection
- INSECURE_COOKIE client_sessions_express_session
- INSECURE_COOKIE hapi_server_session
- INSECURE_REFERRER_POLICY insecure_referrer_policy
- LOCALSTORAGE_MANIPULATION none
- MISSING_AUTHZ none
- MULTER_MISCONFIGURATION multer_applied_globally
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
- MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
- MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
- MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
- NOSQL_QUERY_INJECTION none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REACT_DANGEROUS_INNERHTML react_set_unsafe_html
- REGEX_INJECTION none
- REVERSE_INULL none
- REVERSE_TABNABBING react_target_blank
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SESSIONSTORAGE_MANIPULATION none
- SQLI none
- SQLI nosink
- SQLI sink
- TAINTED_ENVIRONMENT_WITH_EXECUTION none
- TEMPLATE_INJECTION none
- UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
- UNSAFE_BUFFER_METHOD unsafe_buffer_method
- UNSAFE_DESERIALIZATION none
- URL_MANIPULATION none
- VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
- WEAK_URL_SANITIZATION hostname_regular_expression
- WEAK_URL_SANITIZATION regular_expression_anchor
- WEAK_URL_SANITIZATION url_substring
- XML_EXTERNAL_ENTITY external_entities
- XSS none
|
- ASPNET_MVC_VERSION_HEADER none
- CONFIG.DYNAMIC_DATA_HTML_COMMENT none
- CSRF database_update
- CSRF filesystem_modification
- CSRF none
- FORWARD_NULL deref_constant_null
- FORWARD_NULL deref_constant_zero
- FORWARD_NULL dynamic_cast
- FORWARD_NULL none
- FORWARD_NULL null_from_as
- FORWARD_NULL throws_on_null
- HARDCODED_CREDENTIALS hardcoded_credential_connection_string
- HARDCODED_CREDENTIALS hardcoded_credential_crypto
- HARDCODED_CREDENTIALS hardcoded_credential_passwd
- HARDCODED_CREDENTIALS hardcoded_credential_token
- HARDCODED_CREDENTIALS none
- HARDCODED_CREDENTIALS uri
- HEADER_INJECTION none
- LDAP_INJECTION none
- LDAP_NOT_CONSTANT none
- LOG_INJECTION none
- MISSING_AUTHZ none
- NULL_RETURNS none
- OPEN_REDIRECT none
- OS_CMD_INJECTION command_argument
- OS_CMD_INJECTION executable_file
- OS_CMD_INJECTION none
- PATH_MANIPULATION none
- REGEX_INJECTION none
- REVERSE_INULL none
- SCRIPT_CODE_INJECTION none
- SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
- SENSITIVE_DATA_LEAK cleartext_storage_in_database
- SENSITIVE_DATA_LEAK cleartext_storage_in_file
- SENSITIVE_DATA_LEAK cleartext_storage_in_gui
- SENSITIVE_DATA_LEAK cleartext_storage_in_log
- SENSITIVE_DATA_LEAK cleartext_storage_in_registry
- SENSITIVE_DATA_LEAK cleartext_transmission
- SQLI none
- SQLI nosink
- SQLI sink
- SQL_NOT_CONSTANT concat
- SQL_NOT_CONSTANT sink
- UNRESTRICTED_DISPATCH none
- UNSAFE_DESERIALIZATION none
- UNSAFE_NAMED_QUERY none
- XML_EXTERNAL_ENTITY external_entities
- XML_EXTERNAL_ENTITY unrestricted_dtds
- XML_INJECTION none
- XPATH_INJECTION none
- XSS none
- XSS stored_xss
|
| 2000 Comprehensive CWE Dictionary |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| language | count of Taxa | Taxa |
| c# | 429 | 2,4,5,10,11,12,13,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,90,91,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,189,190,199,200,201,209,210,211,215,221,223,226,227,249,254,255,256,257,259,260,264,265,275,284,285,287,300,306,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,338,344,345,352,355,359,361,362,366,369,371,380,381,388,389,390,398,399,402,403,404,405,409,411,435,436,438,442,452,459,465,470,476,480,483,485,497,502,505,519,522,523,532,536,538,539,540,543,550,552,557,559,561,563,566,567,569,570,573,595,601,610,611,614,615,628,629,632,633,634,635,639,642,643,657,662,664,667,668,669,670,671,674,682,683,691,692,693,697,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,732,734,736,737,738,739,741,742,743,744,745,746,747,748,750,751,752,753,755,756,759,760,776,778,783,798,800,801,802,803,808,809,810,811,812,813,814,815,816,817,818,819,820,827,829,833,834,835,840,844,845,847,848,850,851,852,853,855,857,858,859,860,861,862,863,864,865,866,867,868,871,872,873,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,892,893,894,895,896,898,899,900,902,903,905,906,907,913,916,922,923,928,929,930,931,932,933,934,935,936,938,943,944,945,946,947,949,950,952,956,957,958,959,961,962,963,966,971,975,977,978,980,981,982,984,985,986,988,990,991,992,994,997,998,1000,1001,1003,1004,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1033,1034,1036,1041,1078,1114,1128,1129,1130,1131,1133,1134,1136,1137,1140,1141,1142,1143,1145,1147,1148,1149,1150,1152,1154,1157,1158,1159,1162,1163,1164,1165,1166,1169,1170,1171,1172,1194,1200,1202,1210,1211,1212,1213,1214,1219,1305,1306,1307,1308,1309,1350 |
| c/c++ | 473 | 2,4,5,16,17,18,19,20,21,22,23,36,74,77,78,88,89,91,93,94,99,113,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,133,134,135,136,137,138,140,141,142,143,146,149,150,157,169,170,171,188,189,190,194,195,197,199,200,201,209,210,211,226,227,228,237,240,243,247,248,249,252,253,254,255,256,257,259,264,265,284,285,287,290,291,293,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,344,350,355,359,361,362,366,367,369,376,377,388,389,394,398,399,400,401,404,411,415,416,435,438,441,442,452,456,457,459,465,467,471,475,476,480,481,482,483,484,485,497,505,522,523,532,535,536,538,539,550,552,557,559,561,562,563,566,567,569,570,573,590,592,595,597,606,610,617,628,629,632,633,634,635,639,643,657,662,664,665,666,667,668,669,670,671,672,675,676,681,682,683,685,686,687,691,693,697,699,700,703,704,705,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,726,727,728,729,730,731,734,736,737,738,739,740,741,742,743,744,745,746,747,748,750,751,752,753,754,755,758,759,760,762,763,764,769,770,772,775,783,786,787,788,798,800,801,802,803,807,808,809,810,812,813,815,816,817,818,820,825,833,834,835,840,844,845,846,847,848,850,851,852,853,854,857,858,859,861,862,864,865,866,867,868,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,898,899,900,902,903,905,907,909,913,916,918,922,923,928,929,930,932,933,934,935,943,944,945,947,949,950,956,957,958,959,961,962,963,964,966,969,970,971,973,974,975,977,978,979,980,981,982,983,984,985,986,987,988,990,991,992,993,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1031,1032,1041,1045,1077,1078,1079,1114,1126,1128,1129,1130,1131,1133,1134,1135,1136,1137,1140,1141,1142,1143,1147,1148,1152,1154,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1210,1211,1212,1215,1218,1219,1228,1237,1238,1305,1306,1307,1308,1309,1350 |
| cuda | 471 | 2,4,5,16,17,18,19,20,21,22,23,36,74,77,78,88,89,91,93,94,99,113,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,133,134,136,137,138,140,141,142,143,146,149,150,157,169,170,171,188,189,190,194,195,197,199,200,201,209,210,211,226,227,228,237,240,243,247,248,249,252,253,254,255,256,257,259,264,265,284,285,287,290,291,293,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,344,350,355,359,361,362,366,367,369,376,377,388,389,394,398,399,400,401,404,411,415,416,435,438,441,442,452,456,457,459,465,467,471,475,476,480,481,482,483,484,485,497,505,522,523,532,535,536,538,539,550,552,557,559,561,562,563,566,567,569,570,573,590,592,595,597,606,610,617,628,629,632,633,634,635,639,643,657,662,664,665,666,667,668,669,670,671,672,675,676,681,682,683,685,686,687,691,693,697,699,700,703,704,705,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,726,727,728,729,730,731,734,736,737,738,739,740,741,742,743,744,745,746,747,748,750,751,752,753,754,755,758,759,760,762,763,764,769,770,772,775,783,786,787,788,798,800,801,802,803,807,808,809,810,812,813,815,816,817,818,820,825,833,834,835,840,844,845,846,847,848,850,851,852,853,854,857,858,859,861,862,864,865,866,867,868,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,898,899,900,902,903,905,907,909,913,916,918,922,923,928,929,930,932,933,934,935,943,944,945,947,949,950,956,957,958,959,961,962,963,964,966,969,970,971,973,974,975,977,978,979,980,981,982,983,984,985,986,987,988,990,991,992,993,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1031,1032,1041,1045,1078,1079,1114,1126,1128,1129,1130,1131,1133,1134,1135,1136,1137,1140,1141,1142,1143,1147,1148,1152,1154,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1210,1211,1212,1215,1218,1219,1228,1237,1238,1305,1306,1307,1308,1309,1350 |
| go | 381 | 2,4,5,16,17,18,19,20,21,22,23,36,74,77,78,79,80,82,83,85,86,87,88,89,93,94,99,113,116,117,137,138,140,141,142,143,146,149,150,157,171,189,199,200,201,209,210,211,221,223,226,227,249,252,253,254,255,256,257,259,264,265,284,285,287,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,344,355,359,361,362,366,369,388,389,398,399,404,405,409,411,435,436,438,441,442,452,459,465,476,480,485,497,502,505,522,523,532,536,538,539,550,552,557,561,563,566,567,569,573,601,610,611,617,629,632,633,634,635,639,657,662,664,667,668,670,671,674,675,682,691,692,693,699,700,703,706,707,710,711,712,713,714,715,717,718,719,720,721,722,723,724,725,727,728,729,730,731,734,737,738,739,741,742,743,744,745,746,747,748,750,751,752,753,754,755,764,776,778,783,798,800,801,802,803,808,809,810,811,812,813,815,816,817,818,819,820,833,834,835,840,844,845,847,848,850,851,852,853,855,857,858,859,861,862,864,865,866,867,868,871,872,873,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,892,893,894,895,896,898,899,900,902,903,905,906,907,913,918,922,923,928,929,930,931,932,933,934,935,938,943,944,945,947,950,956,957,958,959,961,962,963,966,971,975,977,978,980,981,982,984,985,986,987,988,990,991,992,994,997,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1033,1034,1036,1041,1128,1129,1130,1131,1133,1134,1136,1137,1140,1141,1142,1143,1145,1147,1148,1152,1154,1157,1158,1159,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1210,1212,1219,1305,1306,1307,1308,1309,1350 |
| java | 538 | 2,4,5,7,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,81,82,83,85,86,87,88,89,90,91,93,94,95,96,97,99,100,101,113,116,117,118,119,133,136,137,138,140,141,142,143,146,149,150,157,171,183,185,189,190,192,199,200,201,209,210,211,213,215,216,218,221,223,226,227,242,247,249,252,253,254,255,256,257,259,260,261,264,265,284,285,287,288,290,291,293,295,296,297,299,300,306,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,335,336,337,338,344,345,346,350,352,355,359,361,362,366,369,371,374,380,381,382,384,388,389,390,391,396,398,399,400,402,403,404,405,409,411,417,424,425,427,435,436,438,440,441,442,452,459,465,470,471,476,480,481,483,484,485,489,490,493,495,497,500,501,502,505,522,523,530,532,536,537,538,539,540,543,550,552,557,559,561,563,564,566,567,568,569,570,571,572,573,579,580,583,585,586,592,595,596,597,598,601,609,610,611,613,614,615,628,629,632,633,634,635,638,639,642,643,650,657,662,664,666,667,668,669,670,671,672,674,676,681,682,683,684,691,692,693,697,699,700,703,704,705,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,750,751,752,753,754,755,756,759,760,776,778,783,798,800,801,802,803,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,827,829,833,834,835,840,844,845,847,848,849,850,851,852,853,854,855,857,858,859,861,862,863,864,865,866,867,868,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,892,893,894,895,896,897,898,899,900,902,903,905,906,907,913,916,917,918,921,922,923,926,927,928,929,930,931,932,933,934,935,936,938,942,943,944,945,947,948,949,950,951,952,953,956,957,958,959,960,961,962,963,966,970,971,975,977,978,980,981,982,983,984,985,986,987,988,990,991,992,994,997,998,1000,1001,1002,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1018,1019,1020,1023,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1041,1078,1114,1128,1129,1130,1131,1133,1134,1136,1137,1139,1140,1141,
1142,1143,1144,1145,1147,1148,1152,1154,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1208,1210,1211,1212,1213,1214,1215,1217,1219,1228,1305,1306,1307,1308,1309,1350 |
| javascript | 415 | 2,4,5,7,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,93,94,95,99,113,116,117,137,138,140,141,142,143,146,149,150,157,171,183,185,199,200,201,209,210,211,213,215,216,219,221,223,226,227,249,254,255,256,257,260,264,265,275,284,285,287,288,289,290,295,300,306,310,311,312,313,314,315,317,319,326,327,328,330,338,344,345,346,352,355,359,361,371,388,389,398,399,400,404,405,409,417,435,436,438,441,442,452,459,465,476,480,483,484,485,489,497,502,505,522,523,532,536,538,539,550,552,559,561,565,566,569,573,592,601,602,610,611,613,614,625,628,629,632,633,634,635,639,642,646,657,664,665,666,668,669,670,671,672,674,688,691,692,693,697,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,732,734,736,737,738,740,741,742,743,744,746,747,750,751,752,753,755,756,760,770,776,778,779,783,798,800,801,802,803,807,808,809,810,811,812,813,814,815,816,817,818,819,829,834,840,844,845,846,850,851,855,857,858,859,860,861,862,864,865,866,867,868,871,872,874,875,876,877,878,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,897,898,899,900,902,903,905,906,907,913,916,918,922,923,928,929,930,931,932,933,934,935,936,938,942,943,944,945,946,947,949,951,952,956,957,958,959,961,962,963,966,971,975,977,978,980,981,982,983,984,985,990,991,992,994,997,998,1000,1001,1002,1003,1004,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1018,1019,1020,1022,1026,1027,1028,1029,1030,1031,1032,1033,1034,1036,1041,1078,1114,1128,1129,1130,1131,1133,1134,1135,1136,1140,1141,1145,1147,1148,1149,1150,1152,1154,1157,1162,1163,1164,1165,1169,1170,1172,1187,1194,1198,1200,1202,1210,1211,1212,1213,1214,1215,1217,1219,1305,1306,1307,1308,1309,1350 |
| kotlin | 315 | 2,4,5,16,17,18,19,20,21,22,23,36,74,77,78,88,89,99,116,117,137,138,140,141,142,143,146,149,150,157,171,199,200,201,209,210,211,215,226,227,249,254,255,256,257,259,264,265,284,285,287,295,296,297,299,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,335,336,337,338,344,355,359,361,388,389,398,399,404,405,409,438,441,442,452,459,485,497,502,505,522,523,530,532,536,538,539,550,552,566,573,610,611,629,632,633,634,635,639,657,664,668,669,671,674,691,693,699,700,703,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,727,728,729,730,731,734,738,741,742,743,744,746,747,750,751,752,753,755,759,760,776,798,800,801,802,803,808,809,810,812,813,815,816,817,818,827,829,834,840,844,845,850,851,855,857,858,859,861,862,864,865,866,867,868,872,875,876,877,878,880,881,882,883,884,887,888,889,892,893,895,896,898,899,900,902,903,905,907,913,916,918,921,922,923,926,927,928,929,930,932,933,934,935,943,944,945,947,948,950,956,958,959,961,962,963,966,975,977,978,980,981,982,984,985,990,992,994,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1034,1035,1128,1129,1131,1133,1134,1140,1141,1145,1147,1148,1152,1154,1162,1163,1165,1169,1170,1172,1194,1198,1200,1202,1210,1211,1212,1213,1214,1219,1305,1306,1308,1309,1350 |
| objective-c | 465 | 2,4,5,16,17,18,19,20,21,22,23,36,74,77,78,88,89,91,93,94,99,113,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,133,134,136,137,138,140,141,142,143,146,149,150,157,169,170,171,188,189,190,194,195,197,199,200,201,209,210,211,226,227,228,237,240,243,247,248,249,252,253,254,255,256,257,259,264,265,284,285,287,290,291,293,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,344,350,355,359,361,362,366,367,369,388,389,394,398,399,400,401,404,411,415,416,435,438,441,442,452,456,457,459,465,467,471,475,476,480,482,483,484,485,497,505,522,523,532,536,538,539,550,552,557,559,561,562,563,566,567,569,570,573,590,592,595,597,606,610,617,628,629,632,633,634,635,639,643,657,662,664,665,666,667,668,669,670,671,672,675,676,681,682,683,685,686,687,691,693,697,699,700,703,704,705,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,726,727,728,729,730,731,734,736,737,738,739,740,741,742,743,744,745,746,747,748,750,751,752,753,754,755,758,759,760,762,763,764,769,770,772,775,783,786,787,788,798,800,801,802,803,807,808,809,810,812,813,815,816,817,818,820,825,833,834,835,840,844,845,846,847,848,850,851,852,853,854,857,858,859,861,862,864,865,866,867,868,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,898,899,900,902,903,905,907,909,913,916,918,922,923,928,929,930,932,933,934,935,943,944,945,947,949,950,956,957,958,959,961,962,963,966,969,970,971,973,974,975,977,978,979,980,981,982,983,984,985,986,987,988,990,991,992,993,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1031,1032,1041,1045,1078,1079,1114,1128,1129,1130,1131,1133,1134,1135,1136,1137,1140,1141,1142,1143,1147,1148,1152,1154,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1210,1211,1212,1215,1218,1219,1228,1237,1238,1305,1306,1307,1308,1309,1350 |
| php | 329 | 2,4,5,16,17,18,19,20,21,22,23,36,74,77,78,79,80,82,83,85,86,87,88,89,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,199,200,201,209,210,211,226,227,249,254,255,256,257,264,265,284,285,287,306,310,311,312,313,314,315,317,319,330,344,345,352,355,359,361,388,389,398,399,404,435,436,438,442,452,459,465,470,476,480,483,484,485,497,502,505,522,523,532,536,538,539,550,552,559,561,566,569,573,601,610,611,628,629,632,633,634,635,639,657,664,665,668,670,671,688,691,692,693,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,734,736,737,738,740,741,742,743,744,746,747,750,751,752,753,755,783,798,800,801,802,803,808,809,810,811,812,813,814,815,816,817,818,819,840,844,845,846,850,851,857,858,859,861,862,864,865,866,867,868,871,872,874,875,876,877,878,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,898,899,900,902,905,907,913,922,928,929,930,931,932,933,934,935,936,938,943,944,945,947,949,952,957,961,962,963,966,971,975,977,978,980,981,982,984,990,991,992,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1033,1034,1041,1078,1114,1128,1130,1131,1133,1134,1135,1136,1140,1141,1147,1148,1152,1154,1157,1162,1163,1164,1165,1169,1170,1172,1194,1200,1202,1210,1211,1212,1219,1305,1306,1307,1308,1309,1350 |
| python | 319 | 2,4,5,16,17,18,19,20,21,22,23,36,74,77,78,79,80,82,83,85,86,87,88,89,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,199,200,201,209,210,211,226,227,249,254,255,256,257,264,265,284,285,287,306,310,311,312,313,314,315,317,319,330,344,345,352,355,359,361,388,389,398,399,404,435,436,438,442,452,459,465,476,480,485,497,502,505,522,523,532,536,538,539,550,552,559,561,566,569,573,601,610,611,628,629,632,633,634,635,639,657,664,668,670,671,688,691,692,693,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,734,736,737,738,741,742,743,744,746,747,750,751,752,753,755,783,798,800,801,802,803,808,809,810,811,812,813,814,815,816,817,818,819,840,844,845,850,851,857,858,859,861,862,864,865,866,867,868,871,872,875,876,877,878,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,898,899,900,902,905,907,913,922,928,929,930,931,932,933,934,935,936,938,943,944,945,947,949,952,957,961,962,963,966,971,975,977,978,980,981,982,984,990,991,992,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1033,1034,1041,1128,1130,1131,1133,1134,1136,1140,1141,1147,1148,1152,1154,1157,1162,1163,1164,1165,1169,1170,1172,1194,1200,1202,1210,1211,1212,1219,1305,1306,1307,1308,1309,1350 |
| ruby | 353 | 2,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,93,94,95,113,116,136,137,138,140,141,142,146,149,150,157,171,183,184,185,189,199,200,209,212,215,227,249,254,255,259,263,264,265,275,284,285,287,289,295,300,307,310,311,312,318,319,320,321,327,330,344,345,352,359,361,369,371,388,389,398,399,400,404,435,436,438,442,452,465,470,476,480,502,505,521,522,523,559,561,569,573,592,599,601,610,614,625,628,629,632,634,635,639,642,657,661,664,665,668,669,670,671,682,688,691,692,693,697,699,700,703,704,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,732,734,736,737,738,739,740,741,742,743,744,746,747,750,751,752,753,755,777,783,798,799,800,801,802,803,808,809,810,811,812,813,814,815,816,817,818,819,840,844,845,846,848,850,851,857,858,859,860,861,862,864,865,866,867,868,871,872,873,874,875,876,877,878,880,882,883,884,885,886,887,888,889,890,892,893,895,896,898,899,900,902,903,905,907,913,915,916,922,923,928,929,930,931,932,933,934,935,936,937,938,943,944,945,946,947,948,949,950,951,955,956,957,958,961,962,963,966,971,975,977,978,980,981,982,984,985,990,991,992,994,998,1000,1001,1003,1004,1005,1006,1008,1010,1011,1012,1013,1014,1015,1019,1020,1026,1027,1028,1029,1031,1032,1033,1034,1035,1041,1128,1129,1130,1131,1133,1134,1135,1136,1137,1140,1141,1147,1148,1149,1150,1152,1154,1157,1158,1159,1161,1162,1163,1164,1165,1169,1170,1172,1200,1211,1212,1215,1219,1305,1306,1307,1308,1309,1350 |
| scala | 102 | 17,18,19,20,189,190,254,361,398,438,452,465,476,480,483,561,569,635,664,665,670,682,691,693,699,700,710,711,722,730,734,737,738,739,740,742,746,747,750,751,752,783,800,802,808,844,846,865,867,868,871,872,873,874,876,883,884,885,886,888,889,890,892,896,900,907,962,971,975,977,978,984,994,998,1000,1003,1005,1006,1008,1019,1041,1078,1114,1128,1130,1133,1135,1136,1137,1154,1157,1158,1159,1162,1163,1164,1200,1305,1306,1307,1308,1350 |
| swift | 297 | 2,4,5,16,17,18,19,20,21,22,23,36,74,89,91,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,199,200,201,209,210,211,226,227,249,254,255,256,257,264,265,284,285,287,295,296,300,310,311,312,313,314,315,317,319,326,327,328,330,344,355,359,361,388,389,391,398,399,404,438,442,452,459,465,476,480,485,497,505,522,523,532,536,538,539,550,552,561,566,569,573,610,611,629,632,633,635,639,643,657,664,668,669,670,671,691,693,699,700,703,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,727,728,729,730,731,734,737,738,742,743,746,747,750,751,752,753,755,798,800,801,802,803,808,809,810,812,813,815,816,817,818,829,840,844,845,850,851,857,858,859,861,862,864,865,866,867,868,871,872,876,877,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,898,899,900,902,903,905,907,913,922,923,928,929,930,932,933,934,935,943,944,945,947,948,956,958,959,961,962,963,966,971,975,977,978,980,981,982,984,990,991,992,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1041,1128,1130,1131,1133,1134,1136,1140,1141,1147,1148,1152,1154,1157,1159,1162,1163,1164,1167,1169,1170,1171,1172,1194,1200,1202,1210,1211,1212,1214,1219,1305,1306,1307,1308,1309,1350 |
| typescript | 415 | 2,4,5,7,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,93,94,95,99,113,116,117,137,138,140,141,142,143,146,149,150,157,171,183,185,199,200,201,209,210,211,213,215,216,219,221,223,226,227,249,254,255,256,257,260,264,265,275,284,285,287,288,289,290,295,300,306,310,311,312,313,314,315,317,319,326,327,328,330,338,344,345,346,352,355,359,361,371,388,389,398,399,400,404,405,409,417,435,436,438,441,442,452,459,465,476,480,483,484,485,489,497,502,505,522,523,532,536,538,539,550,552,559,561,565,566,569,573,592,601,602,610,611,613,614,625,628,629,632,633,634,635,639,642,646,657,664,665,666,668,669,670,671,672,674,688,691,692,693,697,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,732,734,736,737,738,740,741,742,743,744,746,747,750,751,752,753,755,756,760,770,776,778,779,783,798,800,801,802,803,807,808,809,810,811,812,813,814,815,816,817,818,819,829,834,840,844,845,846,850,851,855,857,858,859,860,861,862,864,865,866,867,868,871,872,874,875,876,877,878,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,897,898,899,900,902,903,905,906,907,913,916,918,922,923,928,929,930,931,932,933,934,935,936,938,942,943,944,945,946,947,949,951,952,956,957,958,959,961,962,963,966,971,975,977,978,980,981,982,983,984,985,990,991,992,994,997,998,1000,1001,1002,1003,1004,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1018,1019,1020,1022,1026,1027,1028,1029,1030,1031,1032,1033,1034,1036,1041,1078,1114,1128,1129,1130,1131,1133,1134,1135,1136,1140,1141,1145,1147,1148,1149,1150,1152,1154,1157,1162,1163,1164,1165,1169,1170,1172,1187,1194,1198,1200,1202,1210,1211,1212,1213,1214,1215,1217,1219,1305,1306,1307,1308,1309,1350 |
| vb.net | 393 | 2,4,5,10,12,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,90,91,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,189,199,200,201,209,210,211,221,223,226,227,249,254,255,256,257,259,264,265,284,285,287,300,306,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,338,344,345,352,355,359,361,369,371,380,381,388,389,398,399,402,403,404,405,409,435,436,438,442,452,459,465,470,476,485,497,502,505,519,522,523,532,536,538,539,540,543,550,552,557,559,561,566,573,601,610,611,615,628,629,632,633,634,635,639,642,643,657,662,664,668,669,671,674,682,683,691,692,693,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,734,736,737,738,739,741,742,743,744,745,746,747,750,751,752,75 |